Today we released new Bandolier Security Audit Files for two control systems: ABB’s 800xA DCS and CSI’s UCOS SCADA system. The Bandolier Security Audit Files work with the Tenable Vulnerability Scanner to audit SCADA and DCS components. For those new to Bandolier, we recommend you read the primary project page which links to other documents and even a video demonstration. These files were created with funding provided by a US Department of Energy research contract. All of the Bandolier Security Audit Files are available with a free subscription to digitalbond.com on our Bandolier download page.
ABB’s 800xA DCS is a widely deployed system, particularly in the energy sector. Bandolier Security Audit Files are available for the Engineering/Operator Workplace, Historian, Aspect Server and Connectivity Server. ABB was very helpful in providing access to their lab for the initial collection of data and testing of the files.
The Control Systems International (CSI) UCOS SCADA application is frequently used to monitor and control pipelines. The UCOS files are a bit different than other Bandolier files. The way this vendor designed the application is to be highly independent of the OS. (Note: There are pro’s and con’s to this approach from a security perspective) So we were able to apply the industry recommendations with only exceptions for settings not applicable to ICS, such as actions when logs are full, timeouts, etc. The UCOS files cover a variety of OS including Windows 7, Windows 2008 Server, and CENTOS. There is only one Bandolier Security Audit File per component for UCOS. CSI was also helpful in providing access to their lab to collect the data and even reconfigure the OS to meet industry guidelines.