Recently I recorded a podcast with Nate Kube of Wurldtech who has done more hands on controller testing over the past years than anyone I know. It is fascinating to hear the testing techniques, trends and common findings in this specialized and complex field.

 

 Standard Podcast: Play Now | Play in Popup | Download

Wurldtech announced today that ABB’s AC800M industrial controller is now Level 1 Certified. I’ve blogged before on Achilles Level 1 Certification, but in brief it means a controller passed rigorous positive, negative and resource exhaustion test cases in layers 2 to 4 of the OSI model, e.g. Ethernet, IP, TCP, ICMP, ….
This certification is gaining […]

The announcement of the first Achilles Level 1 Certified Controllers is out. They are:

CENTUM CS 3000 Field Control Unit - Yokogawa
CENTUM CS 3000 Vnet Router - Yokogawa
DeltaV Controller – Emerson
ProSafe-RS Vnet/IP Safety Control Unit - Yokogawa
Tricon Safety Controller - Triconex (Invensys)
Trusted Safety Controller - ICS Triplex

It is great to have four vendors with certified products […]

Early Feedback and Questions For You
We had a great opportunity to get some feedback on the Achilles Certification Program at PCSF. Here are a couple of points:
How to handle the situation where a protocol is not present or disabled?
For example, some controllers may not support ARP which is in the Level 1 Certification. Our […]

Part 3 - Achilles Certification Levels
With Part 1 and Part 2 as background, we are finally able to describe the various Achilles Certification levels, timetables and publishing of the Achilles Certified Controllers.
Level 1
Level 1 Controller Certification is the base level certification and covers the common protocols in layers 2 to 4 in the OSI stack. […]

Part 2 - Testing Methodology and Coverage
As a developer, you look at the requirements and design specification and this dictates what the product or device must do. In the case of protocols, these specifications are in the form of standards issued by standards bodies or industry groups recognized as authoritative for that protocol.
Once the product […]

A lot to cover here so I’ll break this into four blog entries:
Part 1 - Why Protocol Stack Testing?
Part 2 - Testing Methodology and Coverage
Part 3 - Achilles Certification Levels
Part 4 - Early Feedback and Questions for You
Part 1 - Why Protocol Stack Testing
Achilles is a black box testing platform. For those new to […]

Digital Bond is a small, I like to say boutique, SCADA security research and consulting practice. We try to focus on projects that will have a significant and near term positive impact on the SCADA security community. I believe we have a pretty good track record with our SCADA IDS signatures, Nessus plugins, S4 […]