SCADAnCircle’s new solution offers coverage for six SCADA suppliers
Critical infrastructure is designated by DHS and the North American Reliability Corporation (NERC) as the assets, systems, and networks so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, and public health or safety; nCircle offers a security solution which covers vulnerabilities from six SCADA equipment suppliers
nCircle last week announced expanded coverage for the SCADA systems and devices that manage and control critical infrastructure. Critical infrastructure is designated by DHS and the North American Reliability Corporation (NERC) as the assets, systems, and networks so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, and public health or safety.
“nCircle’s Vulnerability Exposure and Research Team (VERT) has been working hand-in-hand with leading energy suppliers and critical infrastructure providers in a carefully designed program to deliver safe, accurate detection of SCADA equipment, applications and vulnerabilities on production devices,” said Lamar Bailey, director of security research and development for nCircle. “We understand how important up-time is for critical infrastructure providers and that’s why our program is built on supplier and customer partnerships. Because we develop scanning solutions for production networks, we develop and test our solutions in real, working environments. This precaution ensures our vulnerability detection techniques can be used safely in live production environments.”
nCircle Suite360 now covers vulnerabilities from the following equipment suppliers:
- Rugged Operating Systems
- GE Industrial Systems
- Arbiter
- GE RTU
- Schweitzer Engineering Laboratories
- Lantronix
“Regular automated vulnerability scanning of SCADA equipment helps operations teams identify known vulnerabilities so they can be prioritized for remediation,” said Seth Bromberger, principal, NCI Security. “Vendor testing programs like nCircle’s can help ensure this scanning has no unintended effects on the correct operation of this critical equipment.”
nCircle says that its Configuration Compliance Manager (CCM), included in nCircle Suite 360, also offers policies that comply with NERC Critical Infrastructure Protection (CIP) standards. These policies help utilities automate time-consuming manual audit tasks, reduce security risk, and achieve compliance with the NERC CIP standards. Additionally, CCM supports a non-intrusive, lightweight port scanning mode designed for sensitive devices such as SCADA systems.
The company notes that Suite360 now audits for over 60,000 conditions — more than any other solution.