Research Presentation from EnergySec
I’m out at EnergySec in Seattle and gave a 1-hour presentation yesterday on our Bandolier, Portaledge and Quickdraw research. Here is a link to the presentation.
Our approach to control system security research is to extend existing tools and applications in two ways.
1. Add control system intelligence to existing IT security tools.
Bandolier extends the popular Nessus security scanner to audit the hundreds of security settings in a control system component against an optimal security profile. Quickdraw extends the Snort network IDS to understand and decode control system protocols such as EtherNet/IP, DNP3, ECOM and Modbus TCP. We developed Snort preprocessors and plugins that can be used in Quickdraw, for IDS/IPS signatures, and also for application intelligence in a field firewall.
2. Add security intelligence to existing control system components.
Our Portaledge project uses the OSIsoft PI Historian to aggregate security events, correlate these events and detect cyber attacks. Essentially it turns a Historian into a SCADA SEM.
We make all of our research available via subscriber access that costs $100/year. For that price your company can download and use all of the tools wherever you want. The fee is not a money maker. It is actually designed to limit support costs to serious industry players. You would be amazed at how this small subscription fee reduces support costs and whittles down requests.
Author: Dale Peterson
Posted: September 24th, 2009 under Bandolier, Portaledge, Quickdraw, Site Info, The Rack.
Comments: 1
Comments
Comment from Chris Jager
Time: September 25, 2009, 11:22 am
I wanted to extend our thanks for both presenting on the research your group has been doing as well as making it available to the asset owner population at large.
Please keep up the work you are doing and let me know where we can help.