Archive for 'DoE Research Project'
See Bandolier in Action
Bandolier is our DOE-funded project where we are working with control system application vendors to define optimal security configuration for the various components (HMIs, Historians, Realtime Servers, etc.). We then develop Nessus audit files that allow an asset owner/operator to audit their systems. Loyal blog readers have heard us discuss many facets of the project [...]
Author: Jason Holcomb
Posted: March 16th, 2010 under Assessment Tools, Bandolier.
Comments: 1
Portaledge and SEM Integration
For the past two weeks we have been working on integrating Portaledge with enterprise SEMs. We added an outputSEM function in all of the Portaledge modules that writes normalized output to a file. The outputSEM function is designed to be easy to alter if an enterprise SEM does not have a method of interpreting log [...]
Author: Charles Perine
Posted: March 12th, 2010 under Portaledge.
Comments: 1
Bandolier Course Outline
We are offering our Advanced Training Course on April 5th in San Antonio to make it convenient for those attending ICSJWG’s Spring Meeting on April 6 – 8. The afternoon module is on using and customizing our SCADA IDS preprocessors, plugins and signatures developed with funding from a DHS S&T contract.
The morning module will [...]
Author: Dale Peterson
Posted: March 9th, 2010 under Bandolier, IDS / IPS.
Comments: 3
Portaledge and Security Event Managers Part 2
Two weeks ago I brought up the topic of sending data from control networks to a Security Event Manager (SEM) on the enterprise network. This week I would like to discuss reasons why you would want to send security data from the control network to the enterprise network.
One of the more obvious reasons to send [...]
Author: Charles Perine
Posted: February 26th, 2010 under Big Picture, Portaledge.
Comments: none
Portaledge Meta Event Release
The Portaledge Meta Event release is now available to Digital Bond site content subscribers. It is also recommended that all adopters of Portaledge grab the latest releases of the Availability and Enumeration packages that accompany this release.
Portaledge is Digital Bond’s security event manager (SEM) that leverages OSIsoft’s PI ACE engine to monitor for, correlate and aggregate potential security events [...]
Author: Kevin Lackey
Posted: February 25th, 2010 under Portaledge.
Comments: none
Customize Bandolier to Get 100% Audits
When we are working with asset owner clients I often find myself thinking or saying, “If I was responsible for the security of this control system I would …” These are usually related to issues of implementing and maintaining an acceptable security posture over time. Customizing Bandolier Security Audit Files would be high on my [...]
Author: Dale Peterson
Posted: February 23rd, 2010 under Bandolier.
Comments: none
Using Bandolier and Nessus for CIP-007 R1 Testing
Testing has always been part of making changes to a control system. When a change is made (e.g. new component, upgrade, patch), we have to know if everything is still going to work. Progressive asset owners have incorporated a security element into their functional testing for a while now. Some would even argue that it’s [...]
Author: Jason Holcomb
Posted: February 19th, 2010 under Assessment Tools, Bandolier, NERC CIP.
Comments: none
Advanced Security Training Pre-ICSJWG
Digital Bond’s class, Using and Customizing SCADA Security Tools, was a sellout when first offered the day prior to S4 last month. It teaches advanced students how to use and customize the Bandolier Security Audit Files and the SCADA IDS preprocessors, plugins and signatures. The goal is to help asset owners and vendors take [...]
Author: Dale Peterson
Posted: February 15th, 2010 under Assessment Tools, Bandolier, DHS Research Project.
Comments: 1
Portaledge and Security Event Managers
A Security Event Manager (SEM) is an easy way to monitor your network for security events. Many of the big security firms, including ArcSight, Cisco, Tenable and Tripwire, offer SEM products. SEMs aggregate logs from various locations such as Windows event logs, anti-virus logs, patch management systems, firewall logs and vulnerability scan results. The data [...]
Author: Charles Perine
Posted: February 12th, 2010 under Portaledge.
Comments: none
The Role of Portaledge in Your EMS
If you administer, manage or run an Energy Management System (EMS), odds are good that you employ OSIsoft’s PI historian to record and archive the point data of your control system. Portaledge leverages the Advanced Computational Engine of PI to provide a Security Event Monitor (SEM) for the control system.
Portaledge plays two important roles in a control [...]
Author: Kevin Lackey
Posted: January 28th, 2010 under Portaledge.
Comments: none