By Topic

Auditing cyber security configuration for control system applications

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Holcomb, J. ; Digital BondDigital Bond, Inc., Sunrise, FL, USA

Buried within critical infrastructure control system applications and the operating systems on which they run are hundreds of settings that affect security. It is often difficult for asset owners to identify and audit these settings on their control system servers and workstations. Bandolier, a Digital Bond research project funded by the U.S. Department of Energy, addresses this problem. Digital Bond works with vendors and asset owners to identify the optimal security configuration for popular control system applications, and these settings are compiled into security audit files for use in vulnerability scanning tools. Over twenty application components from ten unique vendors are involved in the project. This paper examines the process of extracting security configuration data from the control system applications, describes the function of a security audit file, and demonstrates how asset owners and application vendors are using Bandolier to help secure critical infrastructure across various sectors.

Published in:

Technologies for Homeland Security, 2009. HST '09. IEEE Conference on

Date of Conference:

11-12 May 2009