Telvent has joined the ‘Bandolier’ project that is researching SCADA system security. Bandolier, spearheaded by control system security specialist Digital Bond, is a component of the US Department of Energy’s National Energy Technology Laboratory’s cyber security audit and attack detection program. The project is documenting best security practice configurations for control system application components—such as HMIs, historians, and real-time servers. An alpha version of the security audit template for Telvent’s OASyS DNA SCADA system has already been released.
While traditional ‘active penetration’ security scanning techniques can result in a system crash, Bandolier’s signature files check the system against a known configuration, identifying any variance in settings. ‘Non-invasive’ mechanisms determine if the target system meets the supplied standard. Asset owners can safely use the audit file at initial deployment to verify a secure installation and periodically over time to determine if the security posture of the control system has been modified.
Digital Bond’s Jason Holcomb said, ‘Vendor support for the audit templates is key not only to developing effective files but also to adoption. Telvent takes security very seriously and has provided resources and is sharing its lab, a Windows domain controller and all the system components under test.’ Bandolier is also to generate audit files that can be used with Tenable Network Security’s ‘Nessus’ vulnerability scanners.
This article originally appeared in Oil IT Journal 2008 Issue # 9.
For more information or to comment on this topic email here.