Home RESOURCES WHITEPAPERS

WHITEPAPERS: THE FOXGUARD PERSPECTIVE INTO TODAY’S CYBER & COMPLIANCE MATTERS

 

SIGNING, HASHING & UPDATE SECURITY

FEBRUARY 2017

Creating confidence and security in your product’s pipeline

Patch Validation for ICS

FEBRUARY 2017

“Learn about how the GE and FoxGuard Experts handle Patch Validation.”

NERC CIP Simplified Solution CIP & YOUR HMI: A SIMPLIFIED SOLUTION

FEBRUARY 2017

“Discusses the process of increasing the level of security compliance for entities operating in the Bulk Electric System (BES) by putting a large amount of the burden on those that supply the assets to the utilities.”

Global Regulatory changes for IT Products STAYING AHEAD OF GLOBAL REGULATORY CHANGES FOR IT PRODUCTS

DECEMBER 2016

“Examine the challenges faced by the entire product supply chain and learn how to stay ahead of regulatory requirements and changes.”

081015-WP_cover PATCH MANAGEMENT FOR ICS

SEPTEMBER 2016

Learn the common problems most organizations face when establishing a patch management program and the best practices for handling these issues.

081015-WP_cover UPCOMING CHANGES TO MICROSOFT’S UPDATE POLICY

SEPTEMBER 2016

On August 15th, 2016, Microsoft announced some new changes for how they will offer updates for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

081015-WP_cover YOU CAN’T DO THAT IN SCADA: Vulnerability Assessments Under NERC CIP Version 5

PHIL SOBOL // AUGUST 2015

In this whitepaper, Phil Sobol, Senior Control System & Cyber Security Specialist at FoxGuard Solutions presents the security risks, compliance requirements and associated efforts around cyber vulnerability assessments (CVAs). Mr. Sobol outlines the need for utilities with High Impact Cyber Systems to conduct an active cyber vulnerability assessment to be compliant under NERC CIP Version 5 and discusses various technical requirements that must be met in order to have a successful CVA. This knowledge will help prepare your team and organization to meet NERC CIP regulatory requirements.


cover-with-borderNERC CIP PORTS & SERVICES PART II: Complying with Documentation Requirements

MONTA ELKINS // NOVEMBER 2014

Forget what you may already know about ports and services. What we are interested in is the definition of the term as it applies to NERC CIP documentation requirements. More importantly, how the terms are used during an audit. Monta Elkins, our Senior Solutions Architect, provides a technical overview of some of the tools and techniques useful when preparing for a NERC CIP audit that includes logically network accessible ports. He covers the ways to reduce the workload involved by carefully reviewing the requirements and items to watch for proper documentation.


cover-with-borderNERC CIP PORTS & SERVICES PART I: THE APARTMENT BUILDING ANALOGY

MONTA ELKINS // OCTOBER 2014

Identifying and documenting ports and associated services to meet NERC CIP documentation requirements for an audit can be a complicated and sometimes lengthy undertaking. How do you determine which ports and services you need to document for your NERC CIP requirements? This white paper reviews, or if you haven’t done computer networking before, introduces key ports and services concepts. Our Security Architect, Monta Elkins, gives insight into the concepts of ports and services using the creative analogy of the apartment building.


cover-with-borderDEVELOPING A SUCCESSFUL PATCH MANAGEMENT PROCESS

STEVEN WIRT // AUGUST 2014

Control systems in the nation’s critical infrastructure are some of the most likely systems to be targets of attack and exploitation, including Electric Utilities. In order to protect your systems, you should ensure that your patches are up to date and that they fall within the NERC CIP patching requirement standards for critical infrastructure. But when and how should you do so? Our Information Security Engineer, Steven Wirt, gives us all the answers regarding the patching process in this in-depth whitepaper.


XP MITIGATION TECHNIQUEScover-with-border

SCOTT HUDSON // JANUARY 2014

Today’s critical infrastructure sectors will soon be faced with new challenges as Microsoft® ends extended support for Windows® XP on April 8, 2014. What does this mean for industrial control environments? No more additional patches or service packs will be released, and users will no longer have access to free or paid technical support. This doesn’t mean that systems running Windows® XP will suddenly stop working on April 8, but they will become increasingly vulnerable.


HOW CERTIFICATE AUTHORITIES CAN MAKE YOU LESS SAFEcover-with-border

MONTA ELKINS // JUNE 2012

When software packages and websites attempt to securely communicate with your computer, they must first identify themselves. By examining and authenticating the digital certificates they present, your computer can decide to allow or block the transaction and verify the source. Unfortunately, there are many ways to get around this system, as demonstrated most recently by the Flame malware discovery. Here are a handful of other examples of certificate fraud and why additional security measures are necessary.


[/mmtl-text][/mmtl-col][/mmtl-row]