Dec 1, 2017
Digital Bond developed the Bandolier Security Audit Files with some research funding from the US Dept of Energy back in 2006 - 2008. They worked well, but required ICS vendor commitment to keep them current and promote their use.
OSIsoft is a great example of what is possible. They not only continued the Bandolier Security Audit Files, they improved and expanded them, including:
I talk with Harry about all this, as well as the plans for the future, which include adding a configuration capability to what they call the PI Security Audit Tools so it is more than audit.
In the last 10 minutes of the podcast, we discuss the OSIsoft flags at past S4 Events and those planned for S4x18. If you will compete in the S4x18 CTF, this is a must listen.
Links from OSIsoft
PI Security Audit Tools Repository and wiki
https://github.com/osisoft/PI-Security-Audit-Tools
https://github.com/osisoft/PI-Security-Audit-Tools/wiki
PI Square Security Group
https://pisquare.osisoft.com/groups/security
For a head start on the PI System CTF challenges, competitors can bookmark the PI System Cyber Security page and get familiar with the PI Web API.
PI System Cyber Security page
https://techsupport.osisoft.com/Troubleshooting/PI-System-Cyber-Security
PI Web API online documentation
https://techsupport.osisoft.com/Documentation/PI-Web-API/help.html