> Hello, > > I am interested in writing security checks for SCADA specific applications and protocols. Since there are a number of applications nad protocols for power, hvac and water systems, I wanted to see if anyone on the list would be interested in collaborating on this. If so, please let me know. > > -dave
Dave I have been following this string with a fair amount of interest as I have performed more than a few Risk Assessments for Utilities (water, gas, electric) companies utilizing SCADA. It has always been assumed by these companies that the separation between their SCADA systems and corporate networks was clearly delineated. Not so. As a member of the ISA (Instrumentation, Systems and Automation Society) I have been lending a hand writing the SP-99 SCADA IT Security Standard and see the gap in my SCADA-specific testing with regards to Nessus. Corporate and SCADA systems are now more fully intertwined than ever. With the proliferation of Ethernet-based SCADA networks (and WIRELESS) - I would like to see plugins that start out by testing for banners on SCADA servers and target specific SCADA-based port utilization on the firewalls and routers. Once that first step is taken, it should open up other plugin opportunities. I am not a programmer, but perhaps I can help with insights and requirements. Best regards, Scott Lovrien, CISSP IT Security Architect ReddShell Corporation 6334 S. Racine Circle Suite 202 Centennial, CO 80111 (303)662-1400 http://www.reddshell.com Security is not a destination, but a journey. Don't opt to travel ALONE. _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
