Long time and loyal blog readers know that Digital Bond and myself personally were early supporters of the Achilles test platform and protocol stack certification. In fact our vocal support even resulted in a contract to help create the Achilles Level 1 Certification program. We blogged in detail on the product and certification program. Our feeling then and now is that many field device protocol stacks are too easily crashed and potentially exploited by simple fuzzing or even unexpected but legal protocol traffic. With some prodding from large oil companies, many vendors have submitted there field devices for testing, identified and fixed problems. In our view the Achilles product and certification program has been a clear net plus.
So with all that positive, why are we off the bandwagon? Marketing hype of purported industry changing programs has replaced demonstrable technical progress with clear benefits to the control system community. The latest was the announcement last week of a “A Global Center of Excellence and Cyber Security Research Institute For Energy Infrastructure Protection” was the final step. It is a classic example of taking the hottest buzzword “Smart Grid” and a few partnerships to create media buzz. And to Wurldtech’s credit it did partially succeed at achieving buzz.
Marketing departments can rarely be completely reined in and a bit of hype is expected. But we see a few of these industry changing announcements every year from Wurldtech without any serious followup results. Earlier this year we had the strategic partnership of Wurldtech and Exida that would establish “a foundation for joint development of future cyber security and safety certifications“, which actually followed an earlier and similar announcement with Kenexis. Before that we had the Delphi vulnerability database program, …
So what would get me back on the bandwagon? Take all that energy and resources spent to create program after program to achieve buzz into tangible technical products and results. Where are the announcements and information on the newest grammars [protocols supported by Achilles]? Where are the advancements in both quantity and quality of test coverage for each protocol? Where is the content explaining why this testing is important, what it is testing, result taxonomy, …. to convince more of the community this is important and help us all understand this very technical topic? Today if you look at the site you see very little technical content so Achilles is a “trust me” approach. Where is the Level 2 Certification? Where is the technical team committed for more than 6 months beyond the admittedly brilliant Nate Kube? To be fair, some of this may exist and just not being promoted, but as a close follower of the industry and Achilles in particular it is hard to point to any significant improvements over the last two years.
This is not to say that Wurldtech and Achilles are not worth supporting. Rather Achilles needs more support and focus and technical meat to get me back on the bandwagon.