From the MU Security press releases---

MU SECURITY LAUNCHES NEW INDUSTRIAL CONTROL CERTIFICATION AND AUTHORIZED PARTNER PROGRAM

"MUSIC" Certification Provides Open Migration Path to Government and Industry Emerging Standards; Honeywell leverages MUSIC

Mu Security, a pioneer in the security analyzer market, today announced new Mu Security Industrial Control (MUSIC) certification programs. MUSIC certification enables critical infrastructure and process control focused organizations to verify a diverse range of network equipment and application protocols to meet industry-defined best practices for security, robustness and resiliency testing. Certification benchmarking ensures that plant and product safety is not compromised by hidden implementation flaws in industrial control systems. Starting today, Mu is offering MUSIC Foundation- and Advanced-level certifications based upon the specified protocol coverage of the product under review. Both certification levels are validated by Mu Security or select authorized partners and will be publicly demonstrated and presented August 13-16 at the ACS - Cyber Security Conference in Knoxville, TN. Using the Mu-4000 and MUSIC's Foundation-level certification testing, Honeywell Experion® Process Knowledge System (PKS) C300 Process Controller has achieved certification for benchmarking the safety and robustness quality in implementations of Layer 2 through 4 network protocols. "Security is a not a specific product, it's an ongoing process," said Kevin Staggs, Engineering Fellow and Global Security Architect at Honeywell Process Solutions. "Mu Security is helping the industry by creating a repeatable and metrics-based process that maps to current standard tracks including the ISA SP99 draft standard." Mu-4000 Appliance offers Analysis, Documentation and Expedites Remediation The new MUSIC program leverages the award-winning Mu-4000 Security Analyzer appliance and its integrated intelligent fuzzing engine and remediation documentation suite. The Mu appliance is widely deployed at critical infrastructure, service providers, cable operators and their respective product developers as a strategic platform for validating the safety, robustness and security profiles of devices and applications. Process control customers using the Mu-4000 on site today include oil refineries, large manufacturing sites, nuclear power plants, chemical processing sites and other high-risk management facilities such as gas pipelines and electric power distribution plants. MUSIC certification incorporates proven security analysis into a product developer's existing quality and safety assurance process as an important alternative to current, labor intensive certification efforts. "In an era of reduced expenditures, many critical infrastructure users and their product vendors are eager to benchmark the safety, security and robustness of their processes to optimize capital and operational expenditures," said Jessy F. Cavazos, Industry Manager, Test & Measurement at Frost & Sullivan. "Plant managers all over the world are trying to do more with less and Mu Security's new MUSIC certification addresses the industry's need for automating standardized process compliance." All MUSIC certification program testing can be conducted using internal on-site staff or leveraging Mu-authorized partners at their facilities. Testing results are then verified by authorized MUSIC Consulting Partner labs or by Mu Security. All MUSIC program options provide an open transition to industrial control systems security specifications currently under development by Federal and Industry groups including ISA Security Compliance Institute (ISCI) and ISA SP99 groups. Both ISCI and ISA SP99 are planning to address the safety, security and robustness of manufacturing and control systems that, if compromised, could result in any or all of the following situations:

•  endangerment of public or employee safety
•  loss of public confidence
•  violation of regulatory requirements
•  loss of proprietary or confidential information
• potentially substantial economic loss
• threats to national security

Diverse Internet and Application Certification Options Available Mu Security's MUSIC certification offers two levels to meet the unique infrastructure and application needs of both users and their diverse product suppliers. MUSIC's Foundation-level Certification details network infrastructure protocol analysis: ARP, DHCP, IEEE 802.1p/Q, IP, TCP, TFTP and UDP; MUSIC's Advanced-level Certification focuses on application protocol analysis for: DNP3, FTP, HTTP, LLDP, MMS, MODBUS/TCP, SNMP and Telnet. Digitally-signed test reports for products under analysis are generated automatically by the Mu-4000 appliance and are professionally verified by an authorized partner or Mu Security Labs. Product vendors are then awarded Foundation- or Advanced-level certification, provided no relevant implementation flaws are uncovered during test and analysis. Certification details will be posted under the Mu Security Critical Infrastructure solution page at http://www.musecurity.com/music and will include:

•  Product name
•  Product version tested
•  Protocols tested
•  Unique certificate identifier
•  Test location
•  Date of testing
•  Expiration date of certification

To ensure the most comprehensive product analysis, Mu Security offers the industry's broadest set of dynamically-generated attacks and integrated reporting using its patent-pending Protocol Spideringâ„¢ technology. More than 50 protocols are available in the Mu-4000 system to proactively identify security vulnerabilities and robustness/resiliency issues resulting from protocol implementation flaws. The Mu-4000 system also provides a continuously expanding suite of published vulnerabilities for validating signature-based security systems as well as the integrated capability of driving any existing command-line scripts for automated compliance or product acceptance testing. "MUSIC certification is an essential benchmark process that applies metrics to all the worst-case scenarios of invalid protocol state, structure and semantics for all control system and networked security devices such as firewalls, gateways and IPS," said Kishore Seshadri, VP Product Management at Mu Security. "The underlying protocols that carry Internet traffic are validated by the MUSIC Foundation-level certification program. And our MUSIC Advanced-level certification process tests the resiliency of application protocols often used at process control and critical infrastructure sites."