The January Edition of This Month In Control System Security Podcast features exida personnel John Cusimano and Eric Byres.
The podcast talks with Eric Byres, founder of Byres Security, for about ten minutes on the new version of Tofino for Honeywell safety systems. This is an interesting tool for controlling the control system / safety system interface. It is very limited in what it lets through to the safety system, basically just Modbus TCP reads. It is also a zero-config device, which is very attractive for the ICS space.
They finish the month with an in-depth interview with Andre Ristaino of ISA’s Security Compliance Institute and John Cusimano of exida about ISCI’s new Embedded Device Security Assurance certification for PLCs and RTUs. It is up and running with products being tested.
The certification consists of a communication robustness test / protocol stack testing like Achilles, a functional security assessment of product security features, and a security development lifecycle assessment. The first two are rather straightforward, but the third is harder to audit consistently and has legacy product issues that we discuss in the podcast.