
Bandolier and NERC CIP

I’m presenting Bandolier to a NERC CIP audience in Dallas on Wednesday. We’ve never sold Bandolier as a NERC CIP solution, but it does have a lot of potential for assessment, reporting and audit evidence for several important requirements. There are a couple of SCADApedia articles related to this topic:

1.) Bandolier and NERC CIP: This is an article that highlights some of the areas of applicability.

2.) Nessus Credentialed Scanning: This is a more recent article that discusses additional features available with Nessus credentialed scanning.

What doesn’t exist yet on the SCADApedia (creating some work for myself here) is an article that describes how you can use the credentialed scanning functions beyond the policy compliance plug-ins for NERC CIP auditing. A couple of examples I’ll be covering in Wednesday’s presentation include the patch auditing feature and netstat port scanner. Both of these are safe to run on nearly all servers and workstations and can provide some excellent reports that should make for solid documentation. If you’re running the Bandolier files, it just makes sense to turn on these additional credentialed scan options. And even if you’re not using the Bandolier files, the credentialed scans and other audit files have a lot to offer.

On a somewhat unrelated note in the “small world” category, I discovered that the NPRA is hosting its 2009 Reliability & Maintenance Conference and Exhibition in a nearby conference center. I had the opportunity to give my five minute control system security and Bandolier speech to a gentleman riding on the hotel courtesy van. He was adamant that his DCS was isolated and thus secure until, after some conversation, he admitted that there is an Internet connection for remote support. Not that all security risks come from outside attackers, but it’s the one that people seem to understand the most.

Comments

Comment from amino world
Time: May 20, 2009, 8:53 am

This sounds like an interesting ‘vector’ for this DB effort… please provide a followup from the conf/presentation. (If you can – I understand that if a company wants to talk to you about using Bandolier on their sites they probably don’t want you tweeting or blogging about it.)

Also, it’s good that you had an “elevator pitch” ready for your cab ride. What’s notable isn’t the conversation or the now-familiar outcome — but that it keeps happening _over_and_over_… deja vu?

Comment from Jason Holcomb
Time: May 20, 2009, 11:49 pm

This was a NERC CIP workshop put on by SPP, the RE and RTO for my region. I had a lot of positive feedback on Bandolier and met a lot of people who are taking security seriously and want to do the right thing. I may do a follow-up post once I get caught up.

Comment from Matt Franz
Time: May 21, 2009, 7:08 am

Something I would add to your whitepaper on credentialed scanning is WMI Remote Listeners enumeration

http://www.nessus.org/plugins/index.php?view=single&id=34252

Since we know SCADA vendors always tell you exactly which ports are used and which applications use them, you get stuff like:

The Win32 process 'svchost.exe' is listening on this port (pid 964).

This process 'svchost.exe' (pid 964) is hosting the following Windows services :
AudioSrv
Browser
CryptSvc
dmserver
EventSystem
helpsvc
lanmanserver
lanmanworkstation
Nla
Schedule
seclogon
SENS
ShellHWDetection
W32Time
winmgmt
wuauserv
WZCSVC
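The plugin output above, and the netstat port scanner mentioned in the post, both come down to the same join: listening port to PID, PID to image name, and for a shared host process like svchost.exe, PID to the services it is hosting. The script below is an added example (it is not code from the original post, from Bandolier or from Nessus) that does that join offline from the text of "netstat -ano" and "tasklist /svc" collected on a Windows host, so the same evidence can be produced on a box where running a scanner is not an option. Both sample outputs are constructed for the example; the column layouts follow the standard output of those two commands, including the way tasklist wraps long service lists onto indented continuation lines.

```python
"""Tie listening ports to a PID and to the Windows services that PID hosts.

Added example, not part of the original post. Parses the plain-text output of
``netstat -ano`` and ``tasklist /svc``. The two samples below are constructed.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of ``netstat -ano`` output.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.1.1.5:139           0.0.0.0:0              LISTENING       4
  TCP    10.1.1.5:3389          10.1.1.20:51023        ESTABLISHED     1204
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  UDP    0.0.0.0:123            *:*                                    964
  UDP    0.0.0.0:500            *:*                                    600
"""

# Constructed sample of ``tasklist /svc`` output. Long service lists wrap
# onto continuation lines that begin with whitespace.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
lsass.exe                      600 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                    964 AudioSrv, Browser, CryptSvc, dmserver,
                                   EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Nla, Schedule, seclogon,
                                   SENS, ShellHWDetection, W32Time, winmgmt,
                                   wuauserv, WZCSVC
svchost.exe                   1204 TermService
"""


def parse_netstat(text: str) -> List[dict]:
    """Return listening sockets from ``netstat -ano`` output.

    TCP rows carry a State column and only LISTENING rows are kept; UDP rows
    have no State column, so every bound UDP socket is reported.
    """
    listening = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto = fields[0]
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, port = fields[1].rsplit(":", 1)  # rsplit also handles [::]:135
        listening.append({"proto": proto, "addr": addr,
                          "port": int(port), "pid": int(fields[-1])})
    return listening


# Image name (may contain spaces), PID, then the service column.
_TASK_ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")


def parse_tasklist(text: str) -> Dict[int, Tuple[str, List[str]]]:
    """Return {pid: (image name, [service names])} from ``tasklist /svc``.

    Rows start after the '====' separator. A line that begins with whitespace
    is a wrapped continuation of the previous row's service list.
    """
    raw: Dict[int, Tuple[str, str]] = {}
    in_table, current = False, None
    for line in text.splitlines():
        if not in_table:
            in_table = line.startswith("=")
            continue
        if not line.strip():
            continue
        if line[0].isspace():  # continuation line: append to current PID
            if current is not None:
                image, svc = raw[current]
                raw[current] = (image, svc + " " + line.strip())
            continue
        m = _TASK_ROW.match(line)
        if not m:
            continue
        current = int(m.group(2))
        raw[current] = (m.group(1), m.group(3))
    result = {}
    for pid, (image, svc) in raw.items():
        names = [s.strip() for s in svc.split(",")]
        result[pid] = (image, [n for n in names if n and n != "N/A"])
    return result


def map_listeners(netstat_text: str, tasklist_text: str) -> List[dict]:
    """Join listening sockets to their process image and hosted services."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for sock in parse_netstat(netstat_text):
        image, services = procs.get(sock["pid"], ("<unknown>", []))
        rows.append({**sock, "image": image, "services": services})
    return sorted(rows, key=lambda r: (r["proto"], r["port"]))


def format_report(rows: List[dict]) -> str:
    """Render the join in the same shape as the plugin output quoted above."""
    out = []
    for r in rows:
        out.append(f"{r['proto']} {r['addr']}:{r['port']} -> "
                   f"{r['image']} (pid {r['pid']})")
        out.extend(f"    {svc}" for svc in r["services"])
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(map_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE)))
```

Run against real output by replacing the two constructed samples with the text of "netstat -ano" and "tasklist /svc" from the host under review; a listener whose PID shows up as System (pid 4) is kernel-owned (SMB on 445 in the sample), and a port that lands on an svchost.exe with a dozen services is exactly the case where the vendor's port list alone will not tell you which service is actually the one exposed.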
