There is still little information about SCADA vulnerabilities and attacks, despite the growing awareness of security issues in industrial networks. As is the case with IT security, owner-operators are often unwilling to release attack or incident data. However, unlike IT products and protocols, there are not the sort of public repositories of vendor advisories and vulnerabilities in industrial devices. Although some vulnerability research is being conducted in this area, very little has been released publically and no "SCADA security tools" (whatever that might mean) have been released to the public.
To address these limitations, this goal of this project is to provide tools and to simulate a variety of industrial networks and devices. We see several uses for this project:
* Build a HoneyNet for attackers, to gather data on attacker trends and tools
* Provide a scriptable industrial protocol simulators to test a real live protocol implementation
* Research countermeasures, such as device hardening, stack obfuscation, reducing application information, and the effectiveness network access controls
No comments:
Post a Comment