SCADA Security Research

Digital Bond has performed SCADA Security Research for the US Department of Homeland Security, US Department of Energy, UK and Japanese governments and other government and corporate sponsors.

The research projects primarily develop ICS security tools that will either help protect a control system or assist in a DCS or SCADA security assessment. All of Digital Bond’s tools are available to all site subscribers, and it is free to subscribe. Our research sponsors want the results distributed for maximum impact, and the Digital Bond SCADA Security Tools are the most widely used tools by ICS security professionals.

SCADA Security Research Approach

  1. We look for opportunities to add industrial control system (ICS) intelligence to leading IT security products. Examples of this include the Bandolier Security Audit Files for Nessus and the ICS IDS rules for Snort and other network IDS.
  2. We look for opportunities to add IT security functionality to control system components. Portaledge is an example of this, where we added security monitoring capabilities to OSIsoft’s PI Historian.

All of Digital Bond’s SCADA Security Research Tools are downloadable by site subscribers. There is no charge to subscribe, and you can either log in or create an account on the home page.

To stay up to date on Digital Bond’s ICS Security Tools and the other tools we regularly use in our rack, subscribe to our ICS Security Tool Mailing List.

The following tools are now available:

  • Bandolier Security Audit Files: These audit files are used with the Nessus scanner’s compliance plugins to audit the security settings of control system components. A typical control system will have over 1,000 security settings including the OS settings, database and webserver settings, and the SCADA or DCS application settings. Digital Bond worked with the vendors, such as ABB, AREVA, Emerson, OSIsoft, Telvent, …, to identify the optimal security settings for their systems. Bandolier Security Audit Files are very useful at FAT to ensure the system is installed in an optimal security configuration, and periodically afterwards to verify the configuration has not degraded.
  • Portaledge Security Monitoring: The OSIsoft PI Server is an extremely popular historian that aggregates and correlates process data. In Portaledge, Digital Bond has created modules to aggregate security events and correlate these events to detect cyber attacks. There are a variety of modules including modules that meet the NERC CIP monitoring requirements.
  • Quickdraw ICS IDS: Digital Bond’s original research project was to develop a set of IDS rules for SCADA protocols. The initial rules for Modbus TCP and DNP3 have now been enhanced with EtherNet/IP rules, vulnerability rules and device-specific rules. Quickdraw also includes Snort preprocessors and plugins that allow rules for more complex control system protocols.
  • The Rack: This is a new Digital Bond research project to gather a set of security tools customized for use in ICS cyber assessments. Since we name our projects after climbing gear, the Rack represents the accumulation of gear that one would take on an assessment. It will include tools from a variety of different sources.
  • SCADA Honeynet: The SCADA Honeynet appears to be a PLC. It is highly realistic with support for the management interfaces, a points list taken from an actual installation, and default parameters unchanged.

Digital Bond is always looking for other opportunities to develop useful ICS Security tools for the community that leverage existing solutions.

Image by xlibber