ABOUT THIS EPISODE
Digital Bond developed the Bandolier Security Audit Files with some research funding from the US Department of Energy back in 2006-2008. They worked well, but required ICS vendor commitment to keep them current and promote their use.
OSIsoft is a great example of what is possible. They not only continued the Bandolier Security Audit Files, they improved and expanded them, including:
- migrating them to PowerShell so Nessus was no longer required
- expanding them to more PI components and applications
- releasing them on GitHub and building a community around them
- integrating them into the deployment process to verify installations are secure
I talk with Harry about all this, as well as the plans for the future, which include adding a configuration capability to what they call the PI Security Audit Tools so it is more than audit.
In the last 10 minutes of the podcast we discuss the OSIsoft flags at past S4 Events and those planned for S4x18. If you will compete in the S4x18 CTF, this is a must listen.
Links from OSIsoft
PI Security Audit Tools Repository and wiki
PI Square Security Group
For a head start on the PI System CTF challenges, competitors can bookmark the PI System Cyber Security page and get familiar with the PI Web API.
PI System Cyber Security page
PI Web API online documentation