New security tool suite released-- but can users use it properly?

From the press release:

Berkana Resources Corporation and CIDG, Corp. Announce Industry First Comprehensive Security and Compliance Solution (CSACS TM) for Critical Infrastructure

Houston, Texas, February 18th, 2009 – Berkana Resources Corporation and CIDG, Corp. are pleased to announce the release of our Industry first, Comprehensive Security and Compliance SolutionTM (CSACS TM). CSACS TM integrates Modulo’s award winning Risk Manager™  tool with the proprietary approach to performing Security and Compliance Assessments developed by Berkana, CIDG, and Joyce & Paul, PLLC.

Leveraging the same research and years of experience used to create the Holistic Lifecycle Model TM for Industrial Security, Berkana Resources and CIDG’s new CSACS TM adds additional depth and functionality to our already unparalleled risk management and compliance services. Supported by legal counsel, our comprehensive approach begins with due diligence by helping clients establish privileged and secure communications throughout the entire process.

Once the ground rules are set, our experienced team utilizes CSACS(TM) methods and tools to assist clients with implementing a completely comprehensive and seamless risk management and compliance process that will help minimize both risk and liability.

CSACS (TM) is not just a cyber security assessment tool. It is a complete solution that was designed to provide an entire process and supporting framework for addressing Cyber, Physical and Operational security requirements for SCADA system operators in the Oil & Gas, Water and Electric Utility Markets.
CSACSTM assesses risk by examining controls, looking directly for and prioritizing vulnerabilities and can even correlate data from other 3rd party assessment tools and methodologies.

Once assessment data has been captured, CSACSTM provides an automated and customizable risk analysis engine, a Workflow Manager* to assist you with remediation, a Business Continuity and Disaster Recovery Planning tool*, and a knowledgebase to help consolidate necessary information that may be scattered throughout your organization.

In addition to incorporating our Holistic Lifecycle Model TM, including any industry standard or client policy and procedure into your compliance assessment, Modulo’s patent pending Metaframework update feature was designed to automatically keep asset owners up to date on the latest changes to industry standards, guidelines, best practices and regulatory requirements.

For additional information on Berkana Resources and CIDG’s Comprehensive Security and Compliance SolutionTM, (CSACSTM), contact Jeff Whitney or Clint Bodungen or visit our websites at or .


 The question I have is who's going to use this set of tools? We've seen over and over that traditional IT training and methodologies are often neither appropriate or applicable to the in-plant control system security environment. 

With the real dearth of plant level or enterprise IT expertise in the requirements of SCADA and industrial control system security, the very best tools may not help, and may even engender a false sense of security.

Unfortunately even the best tools can't prevent GIGO.

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p> Walt, </p> <p> You are correct.  Traditional IT training and methodologies are often neither appropriate nor applicable in PCN environments.  However, the Modulo Risk Manager tool within CSACS is simply a framework with which to run and maintain a built in process and set of methodologies that have been designed specifically for process control and SCADA environments. CSACS helps asset owners/operators build and maintain a living process towards security and compliance instead of providing an install and forget solution that may lead asset owners to a false sense of security. Since these objectives are always a moving target, it is this process that is most critical. Ultimately, since CSACS can be divided and individually managed by business function, it would be nice to see IT and PCN/SCADA using the tool together to achieve a common goal.  (Wishful thinking?  Something's going to have to bend sooner or later.)     </p>


RSS feed for comments on this page | RSS feed for all comments