
Archive for June, 2009

Detect Scanning On Control Systems: Another Portaledge Release

The Portaledge team is pleased to announce the beta release of the Enumeration Event Class. Portaledge is Digital Bond’s Dept. of Energy program that leverages OSISoft’s PI ACE engine to provide Security Event Management, detecting, alerting and logging of security events on SCADA and DCS.
The Enumeration Event class currently has modules for detecting common [...]

S4 Call For Papers Is Open!

OK, brilliant researchers and thought leaders in the control system security community – send in a brief abstract for S4 2010. This will be the 4th edition of Digital Bond’s SCADA Security Scientific Symposium. It draws 50 top technical talent from around the world and a virtual audience watching the simulcast.
Read the Call [...]

Needle in the Haystack: Searching File Content with Nessus

We routinely use file content checking to retrieve and evaluate configuration settings for the Bandolier security audit files. This is a function of the Compliance Checks plugins for Windows and Unix. It works well as long as the file name is known. What if you want to search for specific content but do not know [...]

Portaledge: Detecting Cyber Attacks – Part 6: Event Class Events

Portaledge has an event hierarchy. The hierarchy (from smallest to largest) consists of: Event Triggers, which cause Events, which are correlated in a class into Event Class Events. Events and Event Class Events can be correlated across classes into Meta Events.
Today I am going to discuss Event Class Events. Triggers and Events were covered last [...]

Beta Release: SCADA IDS Preprocessors

We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release is the first three SCADA IDS preprocessors that were the crux of the Quickdraw project. They are:

DNP3
Ethernet Industrial Protocol (EtherNet/IP and [...]

Updated: Friday News and Notes

The Microsoft Manufacturing User Group [MSMUG] will hold its annual summit in conjunction with ISA’s annual event in Houston on October 8th rather than out in Redmond. Whether this is due to limited travel budgets or to take advantage of the built-in crowd at ISA, it should boost attendance at MSMUG.
UPDATE: This just in [...]

Will the “Smart Grid” breathe new life into MLS?

Lately I’ve been working with the SEL-2032, learning the device capabilities provided through the SEL protocol, Modbus, DNP3, UCA2, GOOSE, etc. GOOSE (which stands for Generic Object Oriented Substation Events) is particularly interesting. GOOSE (a component of the 61850 protocol) is a mechanism for fast transmission via Ethernet of substation commands and sensor [...]

Portaledge: Detecting Cyber Attacks – Part 5: Triggers & Events

As our second release of Portaledge Event Modules is forthcoming, I am continuing with a series of posts on Portaledge fundamentals. My goal is to provide an overview of how Portaledge functions, and its role as a Security Event Manager for control systems.
Portaledge relies on a variety of data sources to monitor a system and [...]

Virtualization a Reality in Control Systems

We have been blogging about the benefits of virtualization in control systems, see the blog posts here. Asset owners have been reluctant to embrace virtualization until it was blessed by the vendor, and this is understandable. A few vendors have been working on virtualization support, and the highlight for me at the AREVA User Group [...]

AREVA User Group

I’m at the AREVA User Group meeting in Seattle this week. Good event, great crowd. The attitude and honesty at User Groups is very practical and refreshing. There is a lot of good security information both from the vendor and users, but it is not public so …
The main reason I’m here is to announce [...]