FoxGuard Solutions Provides Patch and Update Solution for Energy Delivery Systems

Christiansburg, VA. January 24, 2018 – FoxGuard Solutions is excited to be presenting our collaborative Cybersecurity for Energy Delivery Systems (CEDS) project with the Department of Energy (DOE) at Distributech this week.

PATCHING AND UPDATING IMPROVES CYBER SECURITY
Patching and updating equipment and networks for cyber security is time intensive and can be risky because updates can stop system processes. By combining multiple patch sources into one, FoxGuard’s patch aggregation solution reduces the risk to energy delivery providers. Centralized patching reduces compliance, resource and scope burdens ensuring that security patches are not overlooked by delivering them in a timely manner. Existing regulatory compliance requirements such as NERC CIP v6 make the solution attractive for energy delivery systems (EDS). This capability is relevant, timely and critical for the security of our nation’s electrical grid.

RESEARCH AND DEVELOPING THE SOLUTION
The Patch and Update Management Program accommodates third party and legacy components supporting both traditional Information Technology (IT) found in industrial control system environments as well as Operational Technology (OT) devices. FoxGuard Solutions researched a variety of options and opted to partner with TDi Technologies to use their existing toolset to collect baseline asset information from Operational Technology (OT) devices found in the electric industry. Traditionally, collecting baseline information (vendor, version, model number) from devices such as programmable logic controllers (PLC’s), relays, remote terminal units (RTU’s) and sensors was completed through the manual curation of the data from plant or substation floor walk downs. Using TDi’s asset information gathering tools, the end user can now collect information from these devices in a safe and reliable way that does not impede service. The information collected is stored on premise within the electric utility and the anonymized asset data is shared with FoxGuard. This secure asset data is managed efficiently through FoxGuard’s Asset Analysis Tool, allowing the consolidation and normalization of large amounts of data for patch reporting. Once the Asset Analysis process is complete, security patches, along with vendor provided hash files, are reported, where available, from the data aggregator service. Additionally, FoxGuard provides a way for customers to identify and verify the integrity of the aggregated patch data for energy delivery control system software and firmware. Together with TDi, FoxGuard has also automated Patch Gap reporting, providing a quick and efficient process to notify end users which security patches need to be installed in order to bring a device completely up to date. Patch Gap eliminates the guesswork and chronological patching methods of old by saving valuable time.
Lastly, FoxGuard also built a Validation Training Program for end user utilities modeled after similar successful programs that have been executed for more than ten years for OEM partners.
This work was enabled by a $4.3 million Cooperative Agreement awarded in 2013 as part of the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) program.

DEMONSTRATION HIGHLIGHTS
FoxGuard Solutions, Inc. and TDi Technologies presented the Patch and Update Management Program at the FoxGuard headquarters in Christiansburg, VA on July 13, 2017. Representatives from the DOE and other agencies, electric utilities, other CEDS project participants, and an electric utility cooperative consortium attended. FoxGuard also hosted Virginia Congressman Morgan Griffith (R-Salem) for a tour of facilities and to provide him with an overview and demonstration of the Patch and Update Management Program. A second demonstration was presented at TDi Technologies headquarters in Plano, TX on September 28th, 2017 also bringing together representatives from the DOE and electric utilities. The demonstrated end-to-end solution for EDS fills an important cyber security gap.

WHO IS FOXGUARD?
FoxGuard Solutions develops custom cyber security, compliance and industrial computing solutions. FoxGuard provides reliable, secure and configurable patch management reporting services, which include availability reporting and applicability analysis for information technology (IT) and operational technology (OT) assets used in critical infrastructure environments. 

 

LINKS:
PR Newswire – https://www.prnewswire.com/news-releases/foxguard-solutions-provides-patch-and-update-solution-for-energy-delivery-systems-300587908.html?tc=eml_cleartime

 

 
Media Contact
Marcie Killen
Marketing Manager
p. 540.382.4234 x152

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

TALK TO AN EXPERT

Compliance Updates for January, 2018

UAE RoHS

Last month our blog centered on UAE RoHS, which became mandatory as of January 1, despite the unknowns and the difficulties in the registration process.  Although the expected Notified Bodies have not been certified yet by ESMA, certificates of UAE RoHS compliance are already being issued directly from ESMA, with several hundred applications awaiting processing.

If you have a product you would like to register for UAE RoHS and are having difficulty submitting your technical documentation and application, please reach out to Design Chain Associates(1) expert, Michael Kirschner (mike@designchainassociates.com).

Details of the UAE RoHS regulation can be found online at http://www.esma.gov.ae/Documents/Restriction%20on%20Hazardous%20Substances.pdf

REACH is now at 181 Substances

Seven substances have been added to the Substances of Very High Concern (SVHC) list, including Chrysene, Benz[a]anthracene, Cadmium Nitrate, Cadmium Hydroxide, Cadmium Carbonate, “Dechlorane Plus”™ [covering any of its individual anti- and syn-isomers or any combination thereof], and Reaction Products of 1,3,4-thiadiazolidine-2,5-dithione, formaldehyde and 4-heptylphenol, branched and linear (RP-HP) [with ≥0.1% w/w 4-heptylphenol, branched and linear].

This brings the total number of SVHC to 181.  FoxGuard will send out a request for updated REACH Declarations in the near future.

Energy Consumption in Mexico

On January 13, 2018, the catalog of products for which manufacturers, importers, distributors and traders must provide energy consumption information to CONUEE (National Commission for the Efficient Use of Energy) came into force, replacing the previous catalog published in 2010.  The regulation applies to new equipment which is manufactured or imported as of the entry into force of the catalog. 

The 44 products in scope of this legislation include the following information technology equipment:

  • Desktop computers
  • Printers (weighing more than 15kg)
  • Computer monitors

Included in the legislative document are details about the format for delivery of the information, which must be submitted electronically to CONUEE.  The document, including the catalog, can be accessed online at http://dof.gob.mx/nota_detalle.php?codigo=5504415&fecha=14/11/2017.

In addition, effective April 25, 2018, certain external power supplies must comply with required efficiency values. Details of NOM-029-ENER-2017 can be found online at http://www.dof.gob.mx/nota_detalle.php?codigo=5502802&fecha=27/10/2017

Bureau of Indian Standards adds Products to Compulsory Registration Scheme

In August 2017, India’s MEIT issued Notification S.O. 2742(E), adding 13 products to the List of Electronics and IT Goods under Compulsory Registration Scheme, bringing the total list of products to 44. For the industrial IT realm, the addition of UPS/Inverters of rating ≤10kVA complements the previous listing of UPS/Inverters of rating ≤5kVA. Also added to the list are monitors up to screen size 32” (note previous listing of monitors of screen size greater than 32”, making monitors of any size subject to the Compulsory Registration Scheme now).

The additions enter into force on February 17, 2018.

Notification S.O. 2742(E) can be found online at http://crsbis.in/BIS/app_srv/tdc/gl/docs/Gazette_notification_phase_3_CRO.pdf

The entire List of Electronics and IT Goods under ‘Compulsory Registration Scheme’ for Self-Declaration of Conformity can be found online at http://www.bis.org.in/cert/ProdUnManCert.asp.

 

 

Patch Gap: Not As Wide As It Seems

We all know that patch management is time consuming, resource intensive, complicated and riddled with compliance requirements. Let’s be honest. A healthy patching program can be expensive. In 2013, the US Department of Energy said the same thing and commissioned FoxGuard Solutions to simplify the process for energy delivery industrial control systems via a Cybersecurity for Energy Delivery Systems (CEDS) project. Jump ahead four years later and it’s time for you to reap the benefits of your tax dollars.

FoxGuard Solutions has partnered with TDi Technologies to develop a Patch Gap solution that is intended to not only simplify patch management, but to provide intelligence along the way. Essentially, TDi’s Consoleworks platform has been customized to gather asset information, specifically your installed patch level, to securely pass over to FoxGuard. From there, FoxGuard is able to determine which patches need to be installed to get your assets “current” and secure. (There’s a lot of wand waving and secret sauce in there, but it’s important to understand that FoxGuard is able to do this because we can determine what TYPE of patches, as well as the RELATIONSHIP between the patches, are applied on each asset.) This means that if your relay is three updates past due, FoxGuard will assess each missing patch and determine if all three patches are cumulative, as well as security patches, so we will only pass back the most recent patch. Once that patch is installed, you’re up to date! (And secure. Did I say that already?!)

Once FoxGuard has completed its magic wand waving, we pass this information back to Consoleworks. From there, you will be able to see the patch details and be able to assess which patches you want to install now or mitigate to install later. This integrated process is able to happen on a scheduled basis so you don’t have to worry about the details. (We just saved you time AND money. See what we did there?) You can focus on your day job and keep the lights on.
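The supersedence reasoning described above (three cumulative updates collapsing to the newest one) can be sketched as follows. This is an added example, not FoxGuard’s or TDi’s code: the `struct patch` layout, the sample release lists, and the rule that a cumulative release contains every earlier release are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* One vendor release for a device model (hypothetical record layout). */
struct patch {
    int seq;        /* release order: higher is newer */
    int cumulative; /* 1 = assumed to contain every earlier release */
    int security;   /* 1 = fixes a security issue */
};

/* Constructed sample: a relay with three cumulative security updates after release 1. */
static const struct patch RELAY_RELEASES[] = {
    {1, 0, 0}, {2, 1, 1}, {3, 1, 1}, {4, 1, 1}
};

/* Constructed sample: stand-alone releases issued after the last roll-up (release 3). */
static const struct patch RTU_RELEASES[] = {
    {1, 0, 0}, {2, 0, 1}, {3, 1, 0}, {4, 0, 1}, {5, 0, 0}
};

/*
 * Compute the releases that must be installed, oldest first, to bring a device
 * at installed_seq fully up to date. rel[] must be sorted by ascending seq.
 * Returns the number of releases required; at most out_cap entries are written.
 */
size_t patch_gap(const struct patch *rel, size_t n, int installed_seq,
                 int *out, size_t out_cap)
{
    size_t first = n; /* index of the oldest missing release */
    size_t start;     /* index of the first release that still has to be installed */
    size_t i, count = 0;

    for (i = 0; i < n; i++) {
        if (rel[i].seq > installed_seq) { first = i; break; }
    }
    if (first == n)
        return 0; /* nothing newer than what is installed */

    /* The newest cumulative release supersedes every missing release before it. */
    start = first;
    for (i = first; i < n; i++) {
        if (rel[i].cumulative)
            start = i;
    }
    /* Anything after that roll-up is stand-alone and must be installed as well. */
    for (i = start; i < n; i++) {
        if (count < out_cap)
            out[count] = rel[i].seq;
        count++;
    }
    return count;
}

/*
 * A gap is security-relevant if ANY missing release is a security fix, even
 * one that is superseded and never installed on its own.
 */
int gap_has_security_fix(const struct patch *rel, size_t n, int installed_seq)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (rel[i].seq > installed_seq && rel[i].security)
            return 1;
    }
    return 0;
}

int main(void)
{
    int out[8];
    size_t i, k = patch_gap(RTU_RELEASES, 5, 1, out, 8);

    printf("RTU at release 1 needs %zu install(s):", k);
    for (i = 0; i < k; i++)
        printf(" %d", out[i]);
    printf(" (security-relevant: %d)\n", gap_has_security_fix(RTU_RELEASES, 5, 1));
    return 0;
}
```

In the RTU sample the roll-up at release 3 is not itself flagged as a security release, yet installing it closes the security fix from release 2, which is why the security check looks at every missing release rather than only the ones returned.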

Have we talked compliance yet? Since FoxGuard is providing due diligence to check every asset no less than every 35 days, we can attest that all of your items have been checked. This makes auditors happy. Happy auditors make all of us happy.

So now that you understand what we’ve been up to, give us a call. Our team LOVES to talk about this project and find ways to help.


Meltdown, Spectre and BSOD

Source: Trace Bellassai, Client Operations Engineer

In the time since we last visited Meltdown and Spectre, patches have been released in a frenzy to try to make your devices more secure. In that frenzy, however, some problems with the patches were not caught before they were released to users. At least that was the case with Microsoft and Windows 10.

As people applied the patch for Meltdown, they began to see their systems stuck and unable to boot, or crashing with a BSOD. Microsoft realized this relatively quickly and found the issue to be antivirus software making unsupported calls into the Windows kernel memory. Up until now, though it was not a supported call, it worked due to kernel table sharing user memory space. Patching Meltdown means separating the kernel table from user space, hence breaking a method used by many antivirus software applications. In order to prevent these boot locks and BSOD’s, Microsoft has instructed antivirus software vendors to set a registry value, which would flag Microsoft Update to show that their software will work alongside the Meltdown patch. After this registry value has been set, Microsoft will then allow the patch to be applied. Since Microsoft’s updates are now cumulative, this means this registry value will need to be set to receive any updates going further, at least currently and for the near future. A list of which AV vendors currently support the new patch, as well as which set the registry value required by Microsoft, can be found at the bottom of this post¹, but it is recommended to check directly with your AV vendor for compatibility with the patch.

Many users of older AMD Athlon chips have also reported their systems becoming un-bootable after applying the Microsoft Meltdown updates. For this reason, Microsoft has delayed pushing the patches to some machines with AMD Athlon chips. This, however, does not seem to be exclusive to AMD. Intel recently released a statement that they have received reports of reboot issues after applying firmware updates to Broadwell and Haswell CPU’s. Intel is currently working with customers to diagnose and resolve this issue and recommends users continue to install available security updates.

Since Spectre “tricks” one program into disclosing secrets to another, it is important to not only update your operating systems and firmware, but update any piece of software you have on your computer. The latest Nvidia drivers included an update to this effect, which was misinterpreted by many to mean that the Nvidia GPU’s are susceptible. Nvidia CEO Jensen Huang has clarified this by stating “I am absolutely certain that your GPU is not affected”, and explaining that the update includes fixes for their software, and not for any GPU vulnerability. Since Spectre uses speculation as to whether it can access an array element, the mitigation recommended by ARM and Intel is to insert serializing instructions between testing the array size and accessing the array’s element. Some vendors, such as Apple, have also begun to obfuscate memory addresses so that if an attempt is made to speculate those addresses, it will speculate the wrong address, which won’t be useful to the attacker.
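The bounds-check mitigation described above, shown as an added example (not code from Microsoft, Intel, ARM or the original post): the same lookup before and after a barrier is placed between the size test and the array access. It goes one step beyond the text by also showing branch-free index masking as an alternative; the table, the function names and the non-x86 barrier sequences are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Speculation barrier. LFENCE is the x86 instruction; the AArch64 sequence and
 * the compiler-only fallback are assumptions so the example builds elsewhere. */
#if defined(__x86_64__) || defined(__i386__)
#define SPECULATION_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#elif defined(__aarch64__)
#define SPECULATION_BARRIER() __asm__ __volatile__("dsb sy\n\tisb" ::: "memory")
#else
#define SPECULATION_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define TABLE_LEN 16u

/* Constructed sample data standing in for an array indexed by untrusted input. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Before: architecturally correct, but the CPU may predict the branch as taken
 * and perform the load speculatively with an out-of-range idx. */
int lookup_unfenced(size_t idx, uint8_t *out)
{
    if (idx < TABLE_LEN) {
        *out = table[idx];
        return 0;
    }
    return -1;
}

/* After: the barrier sits between the size test and the access, so the load
 * is not issued until the comparison has actually resolved. */
int lookup_fenced(size_t idx, uint8_t *out)
{
    if (idx < TABLE_LEN) {
        SPECULATION_BARRIER();
        *out = table[idx];
        return 0;
    }
    return -1;
}

/* All-ones when idx < len, zero otherwise, computed without a branch.
 * Requires 1 <= len <= SIZE_MAX / 2. */
size_t index_mask(size_t idx, size_t len)
{
    size_t out_of_range = (idx | (len - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return out_of_range - 1; /* 0 - 1 = all ones, 1 - 1 = 0 */
}

/* Alternative: clamp the index with data-dependent arithmetic, so even a
 * mispredicted branch can only reach element 0. */
int lookup_masked(size_t idx, uint8_t *out)
{
    if (idx < TABLE_LEN) {
        /* Hide idx from the optimizer so it cannot use the branch condition
         * to fold the mask into a constant and drop it. */
        __asm__ __volatile__("" : "+r"(idx));
        idx &= index_mask(idx, TABLE_LEN);
        *out = table[idx];
        return 0;
    }
    return -1;
}

int main(void)
{
    uint8_t v = 0;
    int rc = lookup_fenced(3, &v);

    printf("fenced idx=3  -> rc=%d value=%u\n", rc, (unsigned)v);
    printf("fenced idx=16 -> rc=%d\n", lookup_fenced(16, &v));
    printf("masked idx=15 -> rc=%d value=%u\n", lookup_masked(15, &v), (unsigned)v);
    return 0;
}
```

All three functions return identical results; the difference is only in what the processor is allowed to do before the comparison resolves, which is why the barrier variant costs performance on hot paths.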

FoxGuard again recommends keeping all devices and software up to date with current security patches. It is important to get in touch with your antivirus vendor to discover if they are setting the Windows registry values that will allow you to continue to receive Windows updates.

For more information on these vulnerabilities, please see:

¹https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview

https://arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/

https://techcrunch.com/2018/01/10/nvidia-ceo-clarifies-its-gpus-are-absolutely-immune-to-meltdown-and-spectre/

http://www.zdnet.com/article/windows-meltdown-spectre-update-now-some-amd-pc-owners-post-crash-reports/

http://www.zdnet.com/article/microsoft-no-more-windows-patches-at-all-if-your-av-clashes-with-our-meltdown-fix/

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

Transient Cyber Assets and NERC Regulation

One of the most difficult challenges for any security team is protecting cyber assets that frequently move from one place to another (i.e., are “transient”). The challenge is 2-fold: (1) how an organization protects against what can happen when a transient system moves to a network that has inadequate security controls and (2) how an organization protects against what can happen when a transient system moves to a network that contains critical infrastructure or other sensitive assets. If not properly managed, transient systems can become a high-risk attack vector for compromising critical infrastructure. Due to organizational silos in large utilities, there are often multiple different versions of transient cyber assets (TCA’s) inside organizations, increasing the attack surface. Recognizing this risk, the North American Electric Reliability Corporation (NERC) recently introduced enhanced requirements in its Critical Infrastructure Protection (CIP) standards to ensure regulated entities minimize the risk TCA’s can pose to critical infrastructure. NERC CIP 10-2 Requirement 4 documents the new requirements.

  • Transient Cyber Asset Management (i.e., introduce management to ensure compliance with applicable requirements)
  • Transient Cyber Asset Authorization (i.e., introduce management to ensure TCA’s are used only to perform business functions)
  • Software Vulnerability Mitigation (i.e., introduce one or more methods to mitigate vulnerability risk)
  • Introduction of Malicious Code Mitigation (i.e., introduce one or more methods to mitigate risk from the introduction of malicious code)
  • Unauthorized Use Mitigation (i.e., introduce one or more methods to mitigate risk from unauthorized use)

NERC-affected entities must now extend their security program to improve the security posture of transient cyber assets (TCA’s). Although many NERC guidelines may be prudent for TCA’s, there are now specific requirements that affected organizations must address. Through the introduction of process and technology, organizations must now ensure that all software on TCA’s is known, appropriately patched, and scanned for vulnerabilities. Also, TCA’s must include specific security solutions like anti-virus, application whitelisting, and more. Meeting these objectives on systems that are dynamic may seem daunting for affected organizations. To meet the requirements, organizations need to re-think management of their TCA’s and greatly improve their security posture. Organizations should look to institute operational procedures that ensure TCA’s are as secure as possible. One approach to meet this objective is introducing an automated “Gold Image” approach where every TCA periodically meets a defined security baseline. From there, additional automated tools can be leveraged to ensure the systems have not moved away from the baseline nor introduced additional high-risk software or vulnerabilities.

 


 

Spectre and Meltdown – New Vulnerabilities Exposed

Source: Trace Bellassai, Client Operations Engineer

NEW VULNERABILITIES
Details have recently been released on a hardware vulnerability in several different Central Processing Units (CPU’s). These vulnerabilities affect Intel, AMD, and ARM CPU’s, though at this time it would appear that Intel is more susceptible to attack using these vulnerabilities. The vulnerabilities have been given the names “Spectre” and “Meltdown” by the researchers who discovered them. These are actually two separate, but related, vulnerabilities. At the time of this writing, the Department of Homeland Security’s Computer Emergency Readiness Team is not aware of any active exploitation of these vulnerabilities.

SPECTRE
Spectre, which affects nearly all modern CPU’s, is actually a term that refers to two vulnerabilities, a bounds check bypass, and a branch target injection. These vulnerabilities can be used to break program isolation, meaning that it can allow one program to “talk” to another in ways that were not intended by the software designer. This can lead to one software tricking another into revealing “secrets” such as passwords. Since the vulnerability exists at a hardware level, even error-free software designed with current best coding practices is still susceptible. The branch target injection attack leaves open the possibility to read memory from services such as a hypervisor. This has major impacts for cloud providers, which often use extremely powerful systems, and then segment out resources on the same machine to multiple customers by using a hypervisor. Using Spectre, an attacker could potentially infect a virtual system used by customer A, and extract data from the virtual system of a completely separate customer B, simply because they share a system from the same cloud provider. Spectre is harder to exploit, but is also harder to patch.

MELTDOWN
While Spectre allows one application to steal sensitive information from another, Meltdown is a different case. Meltdown, which affects Intel CPU’s (produced after 1995), and largely is ineffective against AMD and ARM (though it’s possible the new ARM Cortex A-75 is affected), allows for the possibility of accessing privileged kernel memory from user space. Daniel Gruss, one of the researchers who discovered the vulnerability, referred to it as “probably one of the worst CPU bugs ever found”, and it’s easy to see why he would say this. With Meltdown, the attacker does not need to target a specific piece of software for attack, but rather can attack the operating system itself to extract secrets. This opens up the possibility for any information being processed by the CPU to potentially be stolen. Meltdown is easier to exploit than Spectre, but is also easier to patch, with a caveat. The way Meltdown would be patched is by separating the kernel table from user memory space. The kernel table is held in user memory, but is access protected. Meltdown, however, bypasses this protection. Separating them out would be the easiest way to mitigate the vulnerability, but could also deliver performance hits, reducing performance by up to 30% for some tasks.

HOW TO PROTECT YOUR SYSTEM
Both of these vulnerabilities need code to be executed on the host machine for an exploit to take place. This likely means that a different vulnerability will need to be exploited for the code to be executed unknowingly. FoxGuard would like to stress how important it is to not run programs, or insert USB devices from unknown or unreliable sources. Patches are being developed, or have been developed for both Spectre and Meltdown. Patching will also minimize the attack surface for an attacker to execute the code required to exploit Spectre and Meltdown. Therefore, as always, FoxGuard recommends staying as up to date as possible with current security patches by using a robust patch management solution. Many Linux distributions, as well as Android, Microsoft, and Apple have already released patches to mitigate one or both of the vulnerabilities. Major cloud providers, such as Amazon, Google, and Microsoft have also stated that they have already deployed patches as well.

The best place to check for these updates will be the hardware vendor sites (Dell, HP, etc) as well as operating system vendor sites, and update tools built into your operating system. Please reach out to your vendor if you need assistance in locating these patches.

More information can be found using the below links:

https://googleprojectzero.blogspot.com/2018/01/
https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities
https://spectreattack.com/
https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/


 

2017 Year In Review – Hacking your power tools

FoxGuard was pleased to be included in the list of top Archer News stories from 2017. Archer News traveled the world in 2017 and found FoxGuard’s very own Monta Elkins’ presentation, “Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools”, to be among the top of the highlight reel of 2017 security news. Watch here and pay close attention around the 0:52 mark.

Source:  http://www.archersecuritygroup.com/year-review-traveling-hacking-spam/


Securing Transient Cyber Assets – 5 things to consider


One of the most difficult challenges for any security team is protecting cyber assets that frequently move from one place to another (i.e., are “transient”.

 

 

Deadline for Federal Contractors and Subcontractors, Protecting Unclassified Information

Deadline for Federal Contractors and Subcontractors

 

December 31, 2017 marks the deadline for compliance with NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.

 

Controlled Unclassified Information (CUI) is “any information that law, regulation, or government-wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended”. (1)  A Nonfederal Information System is an information system that does not meet the criteria of a Federal Information System, namely, “used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency”.  A Nonfederal Organization is “an entity that owns, operates, or maintains a nonfederal information system”, including federal contractors and subcontractors, State and local governments, colleges and universities, and independent research organizations.  CUI categories include (but are not limited to) Controlled Technical Information, Critical Infrastructure Information, Information Systems Vulnerability Information, Procurement and Acquisition, and Proprietary Business Information. 

 

The requirements in NIST SP 800-171 are derived from FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems, and the moderate security control baseline in NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, both of which are part of the Risk Management Framework (RMF).  NIST SP800-171 includes requirements in the areas of Access Control, Awareness and Training, Audit and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Risk Assessment, Security Assessment, System and Communications Protection, and System and Information Integrity.

 

Federal contract awards are dependent on compliance with NIST SP 800-171.

 

More information on the publication can be found at https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final

 

  • Executive Order 13556, Controlled Unclassified Information
  • NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

FOXGUARD SOLUTIONS CYBERSECURITY PROTECTING OUR NATION’S MILITARY BASES

FoxGuard Solutions, Inc. was awarded distinguished Department of Defense and Department of Energy’s  ESTCP Cybersecurity for Building Automation Systems

CHRISTIANSBURG, Va. December 7, 2017 – FoxGuard Solutions, Inc. was awarded a grant from the Department of Defense to develop a “Cybersecurity Platform for Energy Management and Control Systems”. The program is through the Secretary of Defense’s Office and is targeted at protecting military installations across the world from cyber-attack.
 
ABOUT ESTCP:  The Program’s goal is to identify and demonstrate the most promising innovative and cost-effective technologies and methods that address DoD’s high-priority cyber security requirements.  

DoD NEED:
The Department of Defense (DoD) is the largest single consumer of energy in the United States. It operates over 500,000 buildings and structures with diverse inventory encompassing barracks, commissaries, data centers, office buildings, laboratories, and aircraft maintenance depots. A majority of these bases are largely dependent on a commercial power grid that is vulnerable to disruption from cyber-attacks, aging infrastructure, weather-related events and direct attack. In an effort to reduce energy costs, increase security and improve energy resiliency, DoD has adopted a cyber security strategy for fixed installations.

FoxGuard Solutions was tasked with researching, developing, and demonstrating technology and techniques to identify and monitor BacNet field controllers for vulnerabilities, continuously monitor security controls, and identify patches for Building Automation Systems software, hardware and firmware, while also facilitating the deployment of those patches.

KEY ELEMENTS:
• Building Automation System Asset Discovery
• BacNet Vulnerability Scanning
• Patching Building Automation Systems
• Continuous Monitoring of Cyber Security Controls

The program is based around the Risk Management Framework (RMF) to help DoD control system owners continuously monitor Building Automation Systems for vulnerabilities. 

About FoxGuard Solutions, Inc.:
FoxGuard Solutions develops custom cyber security, compliance and industrial computing solutions. FoxGuard provides reliable, secure and configurable patch management reporting services, which include availability reporting and applicability analysis for information technology (IT) and operational technology (OT) assets used in critical infrastructure environments. 

 

 
Media Contact 
Marcie Killen
Marketing Manager
p. 540.382.4234 x152