Archive for May, 2009
Security Benchmark Standards Overview
Part of Digital Bond’s Bandolier project involves converting the Nessus security audit files into XCCDF and OVAL for use in other security tools. I had the opportunity this week to attend a class put on by MITRE that covers the standards and applications available for developing security benchmarks. It was very informative for helping distill [...]
Author: Jason Holcomb
Posted: May 29th, 2009 under Assessment Tools, Bandolier, Security Tools, Standards & Orgs.
Comments: none
NERC CIP, Low Hanging Fruit and the Weak Link
The NERC CIP cyber security work in the electric sector has been fast and furious as deadlines approach, as have the comments on the value, or lack thereof, of this effort. I am very confident in the following two conclusions based on working with many of the asset owners and vendors. They are so obvious, [...]
Author: Dale Peterson
Posted: May 28th, 2009 under NERC CIP.
Comments: 5
How unique is the code in critical systems?
Oftentimes those involved in operating critical infrastructure are given a false sense of security when looking over the daily stream of vulnerability disclosures and patch information, as these feeds/lists seem to seldom contain anything specific about their systems. But there is a lot of code dwelling on the purpose-built servers and embedded systems [...]
Author: Daniel Peck
Posted: May 27th, 2009 under Assessment Tools, Calculating Risk.
Comments: 1
Developer Liability
Recently, two members of the European Commission, Viviane Reding and Meglena Kuneva, proposed that the European Union’s (EU) consumer protection rules for physical products be extended to software. This expansion of the consumer protection rules to include software would make software companies liable for their products. A policy like this could make companies like Microsoft [...]
Author: Charles Perine
Posted: May 22nd, 2009 under Big Picture.
Comments: 4
Portaledge: Detecting Cyber Attacks – Part 3: PI Points, PI Tags and the PI Module Database
Our goal in our tool development research projects is to make the installation process as painless as possible. This is a challenge in Portaledge, as we need to be able to poll and write security log data, but the location and naming of the data is dependent upon the user and will be different from [...]
Author: Kevin Lackey
Posted: May 21st, 2009 under Portaledge.
Comments: 1
Bandolier and NERC CIP
I’m presenting Bandolier to a NERC CIP audience in Dallas on Wednesday. We’ve never sold Bandolier as a NERC CIP solution, but it does have a lot of potential for assessment, reporting and audit evidence for several important requirements. There are a couple of SCADApedia articles related to this topic:
1.) Bandolier and NERC CIP: This [...]
Author: Jason Holcomb
Posted: May 19th, 2009 under Bandolier, Conferences.
Comments: 3
Future War Fighter cartoon
Say all, I thought last week’s Economist cartoon really was a cute depiction of what the war fighter of the future will look like. See:
War Fighter
-Martin
Author: Martin Solum
Posted: May 18th, 2009 under Uncategorized.
Comments: none
Scapy Scadapedia articles
At this point I’ve created only about 50 pcaps of control system network events based on the capabilities of the half a dozen devices in the Digital Bond lab. It has been an interesting experience but the main thing I’ve learned is that while control system devices provide very sophisticated functionality compared to the IT [...]
Author: Martin Solum
Posted: May 18th, 2009 under Security Tools, Uncategorized.
Comments: none
Bandolier Webinar
Tenable CEO Ron Gula and I will discuss Bandolier in an upcoming webinar. If you have questions about Bandolier, have been waiting to find out more, or are just interested in safely scanning control systems, this event is for you. In addition to the discussion, we’ll actually show some Nessus policies set up for control [...]
Author: Jason Holcomb
Posted: May 18th, 2009 under Bandolier.
Comments: none
Friday News and Notes
I found this steroid analogy in a comment from Peter Sorenson to be very interesting: “You know once the government begins to enforce regulations, and determines that the target industry is resisting, that the stick they wield ONLY gets bigger –
Steroids in sports ring a bell? Industry buries its head in the sand, Congress [...]
Author: Dale Peterson
Posted: May 15th, 2009 under Uncategorized.
Comments: 2