
Archive for 'Portaledge'

Portaledge: Availability Event Class

I am currently working on the Availability Event Class for the Portaledge project.  This event class will measure the performance of computer systems, network devices and control system devices on a network.  The modules will then alert the user if the performance of either a system or device reaches a threshold or degrades over time.  [...]

Portaledge Event Taxonomy - New Approach

Portaledge is a Digital Bond research project that uses OSIsoft’s PI server to aggregate security events, correlate these events, and detect cyber security attacks. It is funded by the Department of Energy.
We have a major shift in our approach to this project. The initial approach was to generate meta events through a series of expert [...]

*UPDATED* PI ACE Portaledge Meta-Event Proof-Of-Concept

UPDATE: I added some comments in my code to make it a bit clearer.
I recently started working with OSIsoft’s PI ACE for use in the Portaledge project. Kevin and I put together a sample Meta-Event involving Snort events, a key logger and uploading new firmware to a PLC. The code below is an [...]

Leveraging Portaledge for Security Metrics

Portaledge is a tool being developed by Digital Bond with Department of Energy funding that uses OSIsoft’s PI server interfaces to aggregate security events from IT and control system data sources and then correlate them through PI’s ACE correlation engine to detect cyber attacks. 
In considering the collection of these security events in PI, an obvious [...]

Portaledge and PI Interfaces

We will be using many different PI interfaces for data collection on the Portaledge project. OSIsoft has some excellent interfaces for IT monitoring that will be extremely helpful for attack correlation. I’ve been adding some content to SCADApedia regarding these IT interfaces. I will continue to update the site as I delve [...]

Identifying Security Relevant IEC 61850 Events

The widespread deployment and integration of the IEC 61850 standard in electrical substations, hydroelectric power plants, wind power plants, etc., adds a new challenge to security event analysis, namely what IEC 61850 events are to be deemed as being relevant from the security perspective.
Probably the very first data objects to look at are those which [...]

Portaledge Part III - Security Event Tags

This is a challenge. In Part I we identified the security events we wanted to look at. In Part II we talked about the PI interfaces that can pass events from a wide variety of data sources to PI. In Part III we delve into the challenge of creating tags in PI for the various [...]

Portaledge Part II - Getting Diverse Security Events Into PI

Part I covered identifying security events in a very diverse set of data sources. The next step is to get those security events into OSIsoft’s PI or other historian so we can aggregate and correlate to detect attacks. Fortunately this is an area where PI really shines through a wide variety of interfaces.
The most popular [...]

Portaledge (PI SCADA SEM) - Part I: Overview and Identifying the Data

Our Dept. of Energy funded research project will result in a number of different tools for Digital Bond site subscribers. We have blogged on Bandolier, the development of control system security audit templates for Nessus and other vulnerability scanners. Now let me introduce you to the part of the project we are calling Portaledge.
Portaledge Overview
A [...]

DoE Project Part 2 - Turning PI into a SCADA SEM

OSIsoft’s PI may be the most widely deployed application in the energy sector. Depending how you segment the market, PI is in somewhere between 60% and 85% of all medium to large energy control systems. So the team at Digital Bond investigated how we could leverage this installed base to increase security, and fortunately OSIsoft [...]