[ISN] Industry's first SCADA vulnerability database launched

From: InfoSec News (alerts@private)
Date: Mon Mar 17 2008 - 00:39:23 PST


http://www.computerworld.com.au/index.php/id;791452543

By Sandra Rossi 
Computerworld
13/03/2008 

The industry's first cyber-security vulnerability database for 
industrial control systems was launched this week by security solutions 
provider Wurldtech Security Technologies.

The vendor provides solutions to operators of SCADA, process control 
systems worldwide and has dubbed the new database Delphi.

It is designed to provide vendors, operators, system integrators, and 
service providers unparalleled visibility into the reliability, safety 
and security of the systems and networks essential to the operation of 
the world's critical infrastructure.

Wurldtech CEO, Tyler Williams, said the company understands the unique 
security challenges facing the industrial automation industry today, 
particularly when attempting to address the issue of securing legacy 
industrial control systems.

"Our mission is to provide meaningful cyber-security solutions to 
safeguard the integrity of critical industrial automation and we are 
proud to announce Delphi, yet another tool to help our customers 
accurately identify real risks and make better-informed decisions to 
protect their industrial operations," he said. As cyber-security risks 
increase in frequency, severity and sophistication, Williams said the 
process of managing the security of SCADA and process control systems is 
becoming extremely difficult.

Currently, security solutions for legacy industrial control systems are 
delivered through a small number of companies and disparate commercial 
products from different vendors lack integration and interoperability.

The end result, according to Williams, is a high degree of complexity, 
increased operational costs, limited visibility and reliance on 
inappropriate data to make critical security decisions.

"For a majority of industrial organizations, the outcome is a weak 
security risk profile - an insecure network infrastructure, incomplete 
regulatory compliance, security audit failures and increased security 
management costs that are not in line with business objectives," he 
said.

Joe Weiss of Applied Control Solutions, LLC, said a major industry 
challenge is the lack of known specific security risks that could impact 
the reliability and availability of industrial control systems.

"Delphi will be the most comprehensive database of known and unknown 
risk profiles for industrial control systems to serve as a knowledge 
base to guide operators, integrators, and industrial professionals as 
they implement security plans and strategies."


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Mon Mar 17 2008 - 00:58:27 PST