Digital Bond » Tools

Tools

The team at Digital Bond is always looking for interesting control system security research projects, and we have a list of leading and bleeding edge projects that await a funding source. If you are interested in funding a research project please contact us at info@digitalbond.com. We are very grateful for our past and existing sponsors and look for any opportunity to give them the credit they deserve.

Digital Bond’s applied research has actually made a difference in the state of control system community. We place great emphasis during the project selection and construction on how the results will be made available and benefit asset owners. We have a two-pronged approach:

2. Information on each project is added to the SCADApedia. Our goal is to get the results used so you will find multiple pages of detailed information on each project on the SCADApedia.

The brief description of each project below includes a link to the primary SCADApedia page and a link to the tool.

Current Research Projects

Bandolier

Bandolier is a Digital Bond project that creates customized Nessus audit files for SCADA, DCS, and other industrial control system applications.

In this Department of Energy funded project, Digital Bond partners with control system vendors to establish practical security configuration guidance for their applications. Customized operating system and application-level Nessus audit files are available now for over twenty control system components from leading vendors, with more on the way.

For asset owners and operators, the audit files provide a way to verify that their systems are in an optimal, vendor-supported security configuration – both at the time of delivery to hold the vendors accountable and for ongoing, routine security auditing. In addition, the Bandolier reports provide valuable evidence for NERC CIP and other regulatory compliance requirements.

Vendors like Telvent, AREVA, and OSIsoft are using Bandolier to help deliver hardened systems. They use Bandolier for acceptance testing and for routine security validation testing in the patch and update process.

Traditional vulnerability scanning has been dangerous in control system environments due to aging devices, fragile protocol stacks, and poor development practices. Using Nessus credentialed scanning and Bandolier, there is finally a safe and effective way to assess the security posture of these critical applications. Bandolier, in conjunction with the Nessus compliance plugins, is the most widely used security tool in industrial control systems.

Portaledge

This project aims to leverage the aggregation and correlation capabilities in OSIsoft’s widely deployed PI server to detect cyber attacks. Data sources such as PLC’s, SCADA apps, OPC and ICCP servers, routers, firewalls, IDS, servers, workstations and more will send Digital Bond identified security events to PI. We then will use PI’s ACE capability to correlate these individual events into what we are calling a meta security event.

While this project is designed around the PI server, the results will be generalized and made available so other historians or SEM’s with a correlation capability can detect these meta security events.

Link to Portaledge Beta release package
Link to Portaledge SCADApedia Page
Link to Portaledge Two-Page Brochure [Coming Soon]

Portaledge is funded by the U.S. Department of Energy

Quickdraw

Almost all PLC’s and other field devices to a very poor job of security event logging, and this is unlikely to change in the near future for the deployed field device base. Quickdraw is an application that sits passively on the network like an IDS sensor, collects packets sent to and from field devices, and generates security event logs that the field devices should generate to aid in attack detection and post incident analysis.

The Quickdraw generated security event logs are then sent to historians, Security Event Managers [SEM's], log aggregators or even Portaledge for storage and analysis.

Link to the Download Page with Snort Patch File, Rules and Packet Captures
Link to Quickdraw Documenation on the SCADApedia

Quickdraw is funded by the U.S. Department of Homeland Security

Past Projects

Assessment Tools

Digital Bond occasionally makes a selection of our in-house assessment tools available to the community. Also, other security professionals sometimes distribute their tools via Digital Bond’s site. Offensive tools are limited to vetted subscribers. Defensive tools are available to all subscribers.

Link to Download ICCP Fuzzing Tools
Link to Download NetDDE Tools
Link to Download OPC Audit Tools and Whitepapers

Honeynet

Digital Bond developed a PLC honeypot and integrated this with technology from the Honeynet Project to create a SCADA Honeynet. The solution is easily deployable as VM server images and requires little knowledge of honeynets or PLC’s. We are also monitoring SCADA Honeynets to detect and analyze attack data.

Work continues on this project to add additional control system components, such as HMI or control server, to the SCADA Honeynet.

Link to SCADA Honeynet Software Images for Download
Link to SCADA Honeynet SCADApedia Page
Link to Two-Page SCADA Honeynet Brochure

The U.K. Government Centre for the Protection of National Infrastructure funded the initial development of the SCADA Honeynet.

IDS Signatures

Digital Bond developed IDS signatures for the DNP3, ICCP and Modbus TCP protocols. These signatures identify rare and potentially dangerous activity on the network such as repeated reboots, unauthorized writes, and incorrect length messages. The signatures were developed for Snort, but they have been since integrated into almost every commercial IDS sensor.

Link to IDS Signatures for Download
Link to IDS Signature SCADApedia Page
Link to Two-Page IDS Signature Brochure [Coming Soon]

The U.S. Department of Homeland Security funded the Modbus TCP and DNP3 signature developement. Secureworks funded the ICCP signature development.

Main menu: