I’m at the AREVA User Group meeting in Seattle this week. Good event, great crowd. The attitude and honesty at User Groups is very practical and refreshing. There is a lot of good security information both from the vendor and users, but it is not public so …

The main reason I’m here is to announce the Bandolier Security Audit Files for AREVA e-terra and encourage AREVA users to take advantage of them. A lot of interest and questions at the presentation today.

AREVA is one of the vendors that is maximizing the use of the Bandolier results. Not only are they making the files available to customers, but they are also going to use them in QA [to verify new patches or feature upgrades have not degraded security settings] and as part of FAT/SAT for new deployments. As a community we may not be able to address all the legacy system security problems, but at least Bandolier can help verify that new control systems are deployed in a hardened security manner. Sharon Xia discussed much of this in a recent podcast.

On Friday, AREVA is teaching a half-day class on using Bandolier to audit e-terra security. Very cool.