Let’s get this out of the way — application whitelisting does not equal perfect security. But neither do any of the other host-based security products that are competing to get on your control system servers and workstations. The bloated AV programs that do signature-based scanning, heuristics, packet filtering, and intrusion prevention can’t even solve all [...]

I was first encouraged and then disappointed to read the press release announcing Honeywell’s Experion C300 Controller had achieved Achilles Level 1 Certification.
I was pleased to see another vendor stepping up to get their controller protocol stack tested. Controller protocol stack crashes are still a serious problem with many falling over with simple fuzz testing [...]

Working on Bandolier has given me the opportunity to think more about the importance of system hardening and good system administration. When I worked for a university there was a small team of Windows systems administrators who did a great job maintaining systems. I was impressed (which doesn’t happen often in this context) [...]

Last month I ran across the CoreTrace booth at the ISA Expo. Ever since that happenstance introduction, their name and the concept behind their Bouncer product keep popping up in conversations, news feeds, and even Google advertising — mostly in the context of solving SCADA security and compliance issues. Control system server and workstation security [...]