nCircle recently announced that they expanded coverage for the SCADA systems and devices that are responsible for managing and controlling critical infrastructure. The company specializes in information risk and security performance management.
The Department of Homeland Security (DHS) and the North American Reliability Corporation (NERC (News - Alert)) define critical infrastructure as the assets, systems, and networks that are so essential to the nation that their incapacitation or destruction would have a devastating result on national security, economic security and public health or well being.
In a release, Lamar Bailey, director of security research and development for nCircle, said, "nCircle's Vulnerability Exposure and Research Team (VERT) has been working hand-in-hand with leading energy suppliers and critical infrastructure providers in a carefully designed program to deliver safe, accurate detection of SCADA equipment, applications and vulnerabilities on production devices. We understand how important up-time is for critical infrastructure providers and that's why our program is built on supplier and customer partnerships. Because we develop scanning solutions for production networks, we develop and test our solutions in real, working environments. This precaution ensures our vulnerability detection techniques can be used safely in live production environments."
The nCircle Suite360 will now cover vulnerabilities from these equipment suppliers, namely GE Industrial Systems, Rugged Operating Systems, Arbiter, GE RTU, Schweitzer Engineering Laboratories and Lantronix (News - Alert).
Seth Bromberger, principal, NCI Security, said, "Regular automated vulnerability scanning of SCADA equipment helps operations teams identify known vulnerabilities so they can be prioritized for remediation. Vendor testing programs like nCircle's can help ensure this scanning has no unintended effects on the correct operation of this critical equipment."
nCircle's Configuration Compliance Manager, which is a part of the nCircle Suite 360, also provides policies that comply with NERC Critical Infrastructure Protection (CIP) standards. These policies reduce security risk, assist utilities automate time-consuming manual audit tasks and achieve compliance with the NERC CIP standards.