Archive for 'DHS Research Project'

Using Quickdraw, Portaledge, and Bandolier to Remediate an Attack

If a control system is hacked and there are no mechanisms in place to forensically trace the attack, you have no idea how the attack occurred and no clues on what to do to close/remediate the attack pathway. This lack of forensics leaves the system open and vulnerable to the repetition of the exact same [...]

Advanced Security Training Pre-ICSJWG

Digital Bond’s class, Using and Customizing SCADA Security Tools, was a sellout when first offered the day prior to S4 last month. It teaches advanced students how to use and customize the Bandolier Security Audit Files and the SCADA IDS preprocessors, plugins and signatures. The goal is to help asset owners and vendors take [...]

SCADA Enhancements for Snort – Part 1

In mid-December we completed the Quickdraw project, which creates security events for legacy PLCs that lack a security event logging capability. In the following weeks I will write a blog series on Quickdraw, but a lot of this work involves adding SCADA preprocessors and plugins to Snort. So let’s start with a SCADA Snort blog [...]

Research Presentation from EnergySec

I’m out at EnergySec in Seattle and gave a 1 hour presentation yesterday on our Bandolier, Portaledge and Quickdraw presentation. Here is a link to the presentation.
Our approach to control system security research is to extend existing tools and applications in two ways.
1. Add control system intelligence to existing IT security tools.
Bandolier extends the [...]

Quickdraw Enip Preprocessor Example

As a follow-up to our preprocessor code release, we’re going to put together a few posts detailing the use of a few of the features provided by them.
To begin, we’ll work our way through an example with enip/cip. Let’s say that we wanted to have a log of every time that a successful “Open Connection” request [...]

Beta Release: SCADA IDS Preprocessors

We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release is the first three SCADA IDS preprocessors that were the crux of the Quickdraw project. They are:

DNP3
Ethernet Industrial Protocol (EtherNet/IP and [...]

Quickdraw Update: Preprocessors and Detection Plugins

It’s been a little while since we’ve had a Quickdraw update, and I wanted to fill everyone in on how we’re doing and the approach we’re using.

As we’ve described before, we’re basing the project on the Snort 2.8.x tree, and we could do much of the processing and alerting using only the Snort rule language [...]

Tweeting at CATCH

I’m tweeting the next two days at the DHS S&T Cybersecurity Applications and Technology for Homeland Security [CATCH] event in snowy and cold DC.
This event highlights the research results from DHS funded projects, which includes our Quickdraw project.

Generating Network Traffic for Quickdraw Security Events

My temporary job here at Digital Bond is to support Digital Bond’s control system technology lab and specifically the Quickdraw project. That means primarily to identify and generate significant ‘representative’ network traffic, specifically control system traffic that may have security significance. We are using real control system hardware devices to produce the ‘representative’ network traffic. [...]

Finding The Fox In The Hen House – Practical Tips

Let’s face it, no matter how hard we try, or how elaborate the defense, sometimes the fox gets in the hen house (Or sometimes it just eats at McDonald’s). When I was in college taking a computer systems design course my professor stated that computer technology is invented in fits and starts. For [...]