In October 2018, Digital Bond turned 20. I thought before moving on to 2019 and starting our 21st year I’d reminisce a bit and thank the many employees over the past 20 years (see the list at the end of the article).

Roger Collins and I started Digital Bond with $75K of friends and family money and our free labor to create a smart card based solution to secure online brokerage transactions. Online trading was just starting then and quit your job and become a “day trader” was a thing as the market boomed. Our product would create the “digital bond” for your transaction with elliptic curve digital signatures performed on card to provide strong user and content authentication, as well as non-repudiation, for each transaction.

The product worked and the attack demo was compelling, but we never succeeded in getting a big brokerage to beta. I could blame the dotcom bubble bursting, but it was more likely we were too early for the market (a trend you will see in research below) and we didn’t sell and market it right. We moved to consulting and firewall sales/installation to pay the bills and keep trying for another year.

A funny thing happened though, I found that I enjoyed consulting. It not only paid the bills, but allowed us to pay back the early investors. Roger, a product guy, left Digital Bond, and a couple of others and myself stuck with consulting. First trying to dominate Florida and then expanding out to a global market in specific vertical sectors.

The real eye opener was our first assessment of a SCADA system in a large water utility in 2000. It was dumb luck getting the work, and I’m thankful that utility tracked us down and are still a client. This “SCADA” was new and fascinating to me, and it was great to go out and see how things actually work. It also was immediately obvious that this was an area with little security and a need for security. It took another two years before we got enough ICS business where we could focus exclusively on this space, but I was hooked from the first assessment.

I started my ICS security blog on 1 Oct 2003 … and the first article was Security Monitoring and Intrusion Detection (see the article at the bottom). I had spoken at a Telvent (now Schneider) User Group Conference and was amazed how difficult it was to convince them that a) passive monitoring was possible and b) it could detect things and have value. I’ve been writing on ICS security ever since although the site has changed many times.

Given the dearth of ICS security information and combined with the extremely conservative, you can’t do this, attitude in the space, our content was well received and even sought after by the small minority that was interested in the topic and moving forward.

We continued the ICS security consulting with typically a team of 3 or 4 consultants, and then started doing research for the US Government, primarily DHS and DoE. In 2004 DHS funded and we created Modbus TCP IDS signatures, the first ever IDS signatures for ICS. This was followed by DNP3 signatures. Since I had been a bitter feeling about being a product business and was very early again for the market, we gave this and all future research results away for free. Our work was mostly proof of concept results. Yes you could customize these ICS approaches for ICS.

Here are some of the Digital Bond research projects, mostly from the 2004 – 2010 timeframe:

  • Bandolier Security Audit files for Energy Sector ICS (some still in use and OSIsoft has taken this effort, expanded it, and moved it to PowerShell. This and our Snort signatures were our most widely used research.)
  • Snort Preprocessors for Modbus, DNP3, and EtherNet/IP (a precursor to the DPI and protocol parsing you see today)
  • Portaledge OT SIEM (used OSIsoft’s PI to aggregate and correlate security events to detect attacks)
  • The first ICS plugins for Tenable’s Nessus Scanner
  • A medium interaction Honeypot that appeared to be a Modicon PLC (actually deployed some in ICS facilities, crickets)
  • Redpoint – nmap NSE scripts for ICS protocols (circa 2014 – 16)

It was fun work, if not very financially wise given our very low overhead and government accounting rules. This should have been a red flag for me, but I missed it. We peaked at a very talented team of 14 employees and contractors, and then the mortgage bubble burst / 2009 stimulus occurred. You would think that a huge government stimulus would be great for a company that does primarily government funded research. It almost killed us. Our contracts, with approved funding, got put to the bottom of the pile because they were so small. The government had to spend a lot of money fast, and even our simple to renew with already approved funding contract ended up being delayed over a year. We had a big team facing an at least six-month funding gap.

So almost all the talent left, which is a nice way of putting it. Fortunately, I didn’t have to fire anyone. They were talented enough that when I said we won’t have any money to pay you in a few months, they were able to find good work. Only in the last two years have teams surpassed the size and talent we had put together back then.

After that I decided to stop trying to grow the business for at least a year; to take a break and just do some consulting. Surprisingly enough the business has improved consistently since then. We have never had more than 5 employees since that time, and often it was two or three. Today it is one, me. I didn’t enjoy managing people, and clearly could only fake it for a short bursts before leaving the employees to figure out things for themselves. Some thrived on that, others I let down as a manager.

The things I know Digital Bond was able to provide for all that worked here were good ideas for research projects, the time to work on those projects, a chance to be hands on with ICS in a variety of sectors, and help with growing their personal brands. For the last item, I would give every new employee a copy of Tom Peters’ Brand You 50, and help them work through a strategy for their personal brand. They got what they put into that personal branding effort.

In the middle of our research phase we started S4 in January of 2007. The impetus was Matt Franz on our team had found vulnerabilities in the ICCP stacks and felt there was no where he could present them where people would know enough about ICS and security to understand his talk. As a sidelight, this also started the first heated ICS vulnerability disclosure debates including across the room yelling from some very prominent people at a DHS PCSF (pre-ICSJWG) meeting.

The first S4 was two days and about 40 attendees. Somehow I managed to convince Whit Diffie to keynote, and the content holds up more than 10 years later. The first 4 S4 events were simulcast live, an uncommon thing back then, and included papers that were published in a book that typically sold about 500 copies. It was all very technical then, like Stage 2: Technical Deep Dives is today.

Over time we outgrew the case study rooms, then the FIU Kovens ballroom, and moved down to Miami South Beach and the Jackie Gleason / Fillmore where the event is held today. S4x19 this month will be 3 days on 3 stages with 500+ people in attendance. We tried a 1-day S4xJapan in Tokyo for 3 years and a 2-day S4xEurope in Vienna for 2 years. I was always pleased with the content, and the attendees rated the events high. In the end it was more work than it was worth, and it detracted from growing the Miami Beach event. So we stopped both the Japan and Europe events in 2017, and have focused on the Miami Beach event and the content it creates. Hopefully that will show in January.

After 20 years now, Digital Bond is me, and you see I even changed the main site from to Half my time is spent on the S4 conference every January. It is where my passion is, and I don’t see that changing in the next 3 – 5 years. It is an opportunity to talk to smart people, from a variety of different fields and viewpoints, with the latest information and new ideas. It also is the best way I’ve found to scale my contribution to the industry.

The other half of my time is spent consulting. In addition to still enjoying this, I think it is hard to understand the market if you aren’t visiting ICS sites. Sites in a variety of sectors with varying ICS security program maturity.

The other half of my time is now spent writing, podcasting, speaking and putting out the S4 content on YouTube. I have a few new surprises planned for 2019 in the content area. You get the picture that I like this topic and like many loyal readers likely put in a lot more than 40 hours a week.

Here is a list of most of the full-time employees, I’m sure I missed some and apologize in advance, of the Digital Bond team since we started consulting. I think they will confirm that I’m not really a manager, but hopefully they learned a lot and I know almost all have really grown in the careers post Digital Bond. It was my pleasure working with such a universally group of good and smart people.

  • Roger Collins
  • Felix Mack
  • Jeff Dell
  • Matt Franz
  • Landon Lewis
  • Daniel Peck
  • Paul Asadoorian
  • Jason Holcomb
  • Charles Perine
  • Martin Solum
  • Kevin Lackey
  • Frank Marcus
  • Will Marks
  • Marco Cajina
  • Stephen Hilt
  • Corey Thuen
  • Michael Toecker
  • Reid Wightman (twice!)

Here is the first Digital Bond blog post: