Quickdraw Update
It’s about time for another update on the Quickdraw project, Digital Bond’s passive log generator project. So far most of the work has been research with the equipment in the lab and writing C code for Snort. This post is broken up into two pieces, first about what I’ve learned about how equipment talks and [...]
Author: Frank Marcus
Posted: September 1st, 2008 under DHS Research Project, Quickdraw.
Comments: 1
Can The Pig Sling? Implementing Quickdraw in Snort
Quickdraw is a software tool currently under development with funding from the Department of Homeland Security to passively analyze network communication between components of a SCADA system, track user transactions and log Security Events that could impact the system. The last post on Quickdraw outlined some high-level ideas about Security Events. This post explores some [...]
Author: Frank Marcus
Posted: August 11th, 2008 under Quickdraw.
Comments: 3
DNS Vulnerability and Process Control
In case you haven’t heard yet of the massive DNS vulnerability discovered by Dan Kaminsky (US CERT advisory here), don’t forget that DNS is as common in process control environments as it is in Enterprise IT, and this advisory affects us just as keenly as our corporate cousins. How many control systems use DNS to [...]
Author: Frank Marcus
Posted: July 24th, 2008 under Vulnerability Disclosure.
Comments: 7
Quickdraw Event Categories
Quickdraw is Digital Bond’s DHS-funded security project to develop an application that will generate security log events for PLCs and other legacy field devices with little or no security event logging capability. While evaluating the technical requirements necessary to capture the security events identified for Quickdraw, Martin Solum and I came up with some [...]
Author: Frank Marcus
Posted: July 22nd, 2008 under DHS Research Project, Quickdraw.
Comments: 1