OSIsoft was a strong and early supporter of the Bandolier Security Audit Files and providing guidance to their customers on the optimal security configuration for the PI Server. They are now releasing a tool similar to Bandolier that will audit the PI Server security settings, and it does not require Nessus. You need to create an account to get the tool, but if you rely on the PI Server you should have an account for numerous reasons. Hopefully we will see less piadmin in assessments in the future.
ISA announced the publication of ISA-62443-3-3-2013, Security for Industrial Automation and Control Systems Part 3-3: System Security Requirements and Security Levels. It was approved as an ANSI standard on August 13th and is on its way to being an IEC standard. I always have a stack of drafts I intend on reading from the prolific ISA99 committee.
Tweet of the Week
Nothing this week
Worth Reading Articles
- IOActive’s FDA Guidance on Medical Devices
- Kaspersky blog Car Hacking
Critical Intelligence’s ICS Security Event Calendar Updates
- NIST Webinar – ICS Cybersecurity Guidance, Aug 28
- ICS Talks at DerbyCon, Sept 27-30 in Louisville, Kentucky
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth