Skip navigation
All People > Bryan Owen > Bryan Owen's Blog > 2015 > December
2015

If the advice from DHS sounds familiar to our own "Seven best practices for securing your PI Server" (KB00833) you'd be right!

Enabling application whitelisting and updating your software are highly effective techniques.

 

Where prior studies from Australian Signals Directorate ranked effectiveness in protecting information systems (excerpt attached), we now have similar results based on data for protecting industrial control systems.

 

 

One of the main differences is DHS advice favoring one way data flow strategy with enforcement by a data diode.  Currently, we observe business with a general lack resources to manage systems isolated by data diodes so there are practical limitations to utility of this advice. As such we offer excellent partnerships with 3rd party solution providers to serve those who are poised to adopt this strategy.

 

 

You can expect OSIsoft to continue with a sharp focus on providing software based 'read-only' approaches as an effective defensive layer for industrial control systems.

 

Kudos to ICS-CERT on their analysis and releasing the "Seven Steps to Effectively Defend Industrial Control Systems".  You can find it here:

Seven Steps to Effectively Defend Industrial Control Systems | ICS-CERT

These days many people are overloaded with security related tasks.  In addition it's difficult, if not impossible, to secure what you don't know. OSIsoft is featuring lessons about PI System security at the Digital Bond S4 ICS Security Conference Capture the Flag (CTF) contest.

 

A hands on CTF experience is the next level of learning over prior OSIsoft security hackathons in 2013 and 2014.  Each of ten flags will highlight important PI System defenses.

 

As a sponsor, OSIsoft is pleased to offer you discounted registration for S4x16. Registration code “osisoft” provides the original, best price of $995 (versus current pricing of $1395).  The code is valid through Dec 18th.

 

Our team of PI System experts will be on hand at S4 to guide your learning experience. If S4 is too intense for non-security pros, consider letting your corporate security team know about this opportunity.  Either way, we’d love to see your company represented in the challenge.

 

Capture the flag challenges are prominent at security conferences for good reason. The more you know about the PI System, the stronger you can make your defenses.  Not to mention, you have a chance for CTF honors at S4x16!