Cyber security tools and methods for network penetration testing
Measure risks and vulnerabilities in your industrial networks using tools developed for electric utility applications. Video: Justin Searle explains his projects with the DOE, the resulting tools now available, and the differences between industrial and conventional IT environments.
In an interview with Matt Luallen recorded at the SANS SCADA Summit last February, Justin Searle discusses new tools for network penetration testing that he and his company, UtiliSec, developed for electric utility users. While this kind of testing is common in conventional IT environments, he discusses the specific needs of industrial networks and how methodologies need to be changed.
These tools will soon be available under the name Samurai STFU as free, open-source software, and UtiliSec is looking for information from users on how they have put them to work with potential areas for improvement and additional development. Ultimately Searle hopes to develop a community of users exchanging information and best practices.
The video also discusses differences between the specific needs of conventional IT compared to industrial users, and why there are often more similarities than one might expect.
SANS Institute www.sans.org
Peter Welander, pwelander(at)cfemedia.com