At the recent S4 Conference, Digital Bond and Tenable Network Security announced that they have released new SCADA plugins for the Nessus and Passive Vulnerability Scanner (PVS) from Tenable. These new plugins have been developed to help track down insecure PLC configurations which make it easier for an attacker to control critical infrastructures such as electric grids, oil pipelines or even chemical manufacturing plants.
In a release, Dale Peterson, founder of Digital Bond, said, "We felt it was important to provide tools that critical infrastructure owners can use to determine if their PLCs are at risk. These plugins identify some of the most critical configuration errors we found in Project Basecamp -- a project designed to assess the security of a set of popular industrial control system (ICS) field devices with an Ethernet interface for a common set of vulnerabilities. We plan to continue to provide Tenable Network Security with additional PLC security checks from Basecamp."
Seven new Tenable SCADA plugins have been developed for the GE D20, the Schneider Modicon Quantum (News - Alert) and the SEL 2032 SCADA PLCs or controllers. The seven new SCADA plugins include the GE D20 Default Telnet, the GE D20 TFTP Sensitive Data, the Modicon Quantum Default FTP, the Modicon Quantum Default HTTP, the Modicon Quantum Default Telnet, the Modicon Quantum TFTP Enabled and the SEL 2032 Default Telnet.
Ron Gula, CEO and CTO of Tenable Network Security, said, "Tenable's products including Nessus, and the Passive Vulnerability Scanner are designed to go beyond vulnerability scanning for workstations and servers, with functionality that assesses and monitors these special purpose PLCs in real time -- delivering a full featured ICS platform. We're working closely with many organizations that manage critical infrastructure to help safeguard their systems from external intrusion that could wreak havoc and present a threat to public safety."
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO East 2012, taking place Jan. 31-Feb. 3 2012, in Miami, FL. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. For more information on registering for ITEXPO registration click here.
Stay in touch with everything happening at ITEXPO. Follow us on Twitter.
Calvin Azuri is a contributing editor for TMCnet. To read more of Calvin’s articles, please visit his columnist page.
Edited by Rich Steeves