Posts Tagged ‘Audit Check Lists’

Security Audit and Attack Detection Toolkit

August 5, 2009 Leave a comment

Department of Energy (DOE) is funding a project known as the (Cyber Security Audit and Attack Detection Toolkit) along with security companies like Digital Bond,tenable security and others, with the aim of releasing SCADA audit templates to be used with security scanners like Nessus, NetIQ and many others ( The templates are issued in OVAL format) see below. to compare security settings in the operating system and applications, including control system applications, to an optimal security configuration developed by the control system vendors like Areva and Emerson, participating companies and asset owners. The audit files will be made available as a paid subscription service.

– Comments:

1. I really think that the audit files “that can check your systems compatibility to NERC for instance” should be open source, free and available to the public. Specially that its a government funded program, at least available to researchers and SMEs who can add, review ,contribute and validate the compatibility checks. I believe this makes more sense than making the actual vulnerabilities and exploits available “check my previous post on nessus and Core Impact” to amateurs. on the other hand The project has a second phase and it includes releasing a tool to aggregate security events from a variety of data sources on the control system network and then correlates the security events to identify cyber attacks. I can see and understand that this is an extra mile and can be a paid service.

2. Using OVAL “Open Source” as the Audit files format is a wise choice, see the list of applicable/compatible products HERE

3. The project is a good indication that vendors are starting to be more involved in cleaning the mess.

More on the project / A fact Sheet ( Cyber Security Audit and Attack Detection Toolkit )

You can see below a list of the currently available Audit files (Source – SCADApedia)

List of Audit files