ICS Security


The OSIsoft User Conference was bulging at the seams with about 1500 eager attendees, and it seemed like even more. It was a very upbeat group looking for what else they could do with the data they are collecting. User Groups in general are so much more optimistic and effective than conferences.

PI’s new self configuring / self maintaining interfaces for AMI are potentially a big step forward in “smart interfaces”. These use the CIM standard to automatically generate, configure and maintain the tags related to a smart meter. I asked about an API for non-meter vendors to attach to a smart interface, but that may or may not be a future.

When creating my presentation, the term “Historian” was replaced with “Server” or “System”. The AMI presentation showed why with an emphasis on data acquisition and even some SCADA. I asked offline if this was the trend to move away from a pure historian approach, and an OSIsoft employee pointed out that PI has always had the ability to acquire data from PLC’s via Modbus, DNP3 and other interfaces. It is just our experience that PI got its data from other SCADA, DCS and OPC servers. Still by a percentage of PI tag forecast, smart grid tags for data acquisition look to be the biggest growth area by far and will quickly become a significant percentage of total PI tags.

DTE Energy had a presentation showing their use of PI for monitoring / Portaledge Availability-type presentation that involved primarily performance monitoring but some level of cyber asset monitoring for CIP-7. It has been up and running for a couple of years now. Almost all the questions after presentation had to do with predicting and identifying  hardware failures. A reminder that this is at the top of most control engineers minds, not security.

There was a presentation titled, “Fastest, Easiest Way to Visualize Your PI System Data”. You can run a search on PI, grab tags and automatically create a variety types of charts and tables for display. It is a new product that is scheduled for release in Q2 called Coresight. There will be a Coresight app server that will talk to the easy way to create displays. Web browsers will use Microsoft’s Silverlight to connect to Coresight. Interestingly, they had a Microsoft exec on hand to say Microsoft is committed to Silverlight.

Security vendor partners at the event:

  • Waterfall Security Solutions was here talking about their one-way security that works with PI. This is actually an interesting technology use case if you want to move back to air-gap level security.
  • Nitro Security was here showing their NitroView ESM SIEM. The PI server is another data feed for the SIEM, e.g. Portaledge Modules and any other data. What’s new is NitroView is taking process data in and running anomaly detection algorithms to identify upsets in the process. Interesting, but need to dig into this more.
  • Transpara has a product, Visual KPI, to make PI data available to mobile users on smartphones and pads. Bottom line – – it works. The risk is limited to data privacy of mobile devices. Slick solution.
  • Digital Bond was here. I presented on our Portaledge CIP-5 monitoring module and Bandolier Security Audit File for the PI server.

I had some time to talk with all these security vendors and the level of ICS intelligence in their products is a major step forward. We will blog or talk with these companies more in the upcoming weeks.

Image by The Planet