Submission: Security Researcher Creates Database of 300k Known-Good SCADA Files
The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, from dozens of vendors. Among the vendors represented in the database are Advantech, GE, Rockwell, Schneider and Siemens. The project is the work of Billy Rios, a former Google security researcher who has worked extensively on ICS and SCADA security issues. WhiteScope is a kind of reverse VirusTotal for ICS and SCADA files, allowing people to determine which files are known to be good, rather than which are detected as malicious.
He said via email that the current iteration of the database is just the first version and that it represents about half of the software he has.
“I have 300,000 files in WhiteScope right now, and I plan to have half a million files in WhiteScope by the end of the year. I’ll have over a million the first quarter of 2015,” Rios said.
“Getting access to the software is the most difficult part. To get the artifacts that allowed WhiteScope to be created, it took over 5 years. If someone was more focused, they could probably do it in less time.”