The Role of Portaledge in Your EMS
If you administer, manage or run an Energy Management System (EMS), odds are good that you employ OSIsoft’s PI historian to record and archive the point data of your control system. Portaledge leverages the Advanced Computational Engine of PI to provide a Security Event Monitor (SEM) for the control system.
Portaledge plays two important roles in a control system. First, it monitors the network for various data points that are indicative of an attack, and second, it will (shortly) provide logging information that helps to meet regulatory requirements.
Portaledge monitors the network in various ways. Currently modules exist that watch for enumeration activities and for changes/degradation in the amount of resources on a system. The enumeration techniques are the standard tools by which the majority of attackers will determine what exists on a control system. The availability modules monitor PC based systems, field devices and network components.
There is also a nice Traffic Monitor module that watches and alerts for “out of the ordinary” network sessions. The ordinary traffic on a control system is somewhat easy to define. The Traffic Monitor simply alerts on any network session outside the “allowed” list defined by the administrator. This is a useful tool, as most attack and exploit traffic will be targeted at IP/port duplets outside of the normal ranges. The Traffic Monitor is part of the Enumeration Module.
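The allowed-list check described above can be sketched as follows. This is an added example, not Portaledge code; the rule format, addresses, ports, and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed allowed list: (source net, destination net, protocol, destination ports).
# Every address and port here is an illustrative assumption.
ALLOWED = [
    ("10.10.1.0/24", "10.10.2.10/32", "tcp", range(20000, 20001)),  # front ends to RTU gateway
    ("10.10.1.0/24", "10.10.3.5/32", "tcp", range(5450, 5451)),     # control LAN to historian
    ("10.10.1.20/32", "10.10.2.0/24", "udp", range(161, 162)),      # one poller to field network
]

# Constructed session records: (src_ip, dst_ip, protocol, dst_port).
SESSIONS = [
    ("10.10.1.15", "10.10.2.10", "tcp", 20000),   # matches rule 1
    ("10.10.1.15", "10.10.3.5", "tcp", 5450),     # matches rule 2
    ("10.10.1.15", "10.10.2.10", "tcp", 23),      # allowed hosts, port outside the list
    ("192.168.50.7", "10.10.3.5", "tcp", 5450),   # allowed port, unknown source
    ("10.10.1.20", "10.10.2.44", "udp", 161),     # matches rule 3
    ("10.10.1.21", "10.10.2.44", "udp", 161),     # same traffic from a host not listed as poller
    ("not-an-ip", "10.10.2.10", "tcp", 20000),    # malformed record
]

def compile_rules(rules):
    """Parse the network strings once so each session check is a cheap membership test."""
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), p.lower(), ports)
            for s, d, p, ports in rules]

def is_allowed(session, compiled):
    src, dst, proto, port = session
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return False  # fail closed: a record that cannot be parsed is treated as an alert
    return any(src_ip in s and dst_ip in d and proto.lower() == p and port in ports
               for s, d, p, ports in compiled)

def find_alerts(sessions, rules=ALLOWED):
    """Return every session that no allowed-list rule covers, in input order."""
    compiled = compile_rules(rules)
    return [sess for sess in sessions if not is_allowed(sess, compiled)]

if __name__ == "__main__":
    for alert in find_alerts(SESSIONS):
        print("ALERT out-of-list session:", alert)
```

Matching on the full source, destination, protocol and port tuple, rather than on port alone, is what lets the sixth record alert even though its port and destination are in the allowed list.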
Our forthcoming work on Portaledge is to provide modules that will meet NERC logging requirements. In a previous blog post I delineated some of the NERC requirements that Portaledge can help meet. More information about NERC CIP requirements, and how Portaledge can aid in achieving them, is also available in the SCADApedia. The NERC CIP modules will be our primary development goal after our soon-to-be-released Meta Event package.
If you already have PI deployed on your EMS, odds are you have the majority of the licenses required to run Portaledge’s Availability and Enumeration Modules. Portaledge is available to Digital Bond’s digital content subscribers; subscriptions are available for $100 a year. All S4 attendees also receive a one-year subscription (another good reason to come to S4).
Author: Kevin Lackey
Posted: January 28th, 2010 under Portaledge.