BlackHat Europe 2010: SCADA and ICS for Security Experts

SCADA and ICS for Security Experts: How to Avoid Being a Cyber Idiot James Arlen, CISA Black Hat Europe - Barcelona - 2010 1

Disclaimer I am employed in the Infosec industry, but not authorized to speak on behalf of my employer or clients. Everything I say can be blamed on great food, mind-control and jet lag. 2

Credentials 15+ years information security specialist staff operations, consultant, auditor, researcher utilities vertical (grid operations, generation, distribution) financial vertical (banks, trust companies, trading) ...still not an expert at anything. 3

1/ Stop Sounding Stupid 4

Scada got sexy 5

Follow the money 6

Who's an expert now? 7

One time at security camp 8

Gotta get me a piece of that 9

Gotta get me a piece of that 10

2/ Big Things and Little Things 11

Not all ‘scada’ is SCADA 12

Big things: power grid 13

Big things: pipeline 14

Inter- connected sensors and controls under central management 15

Inter- connected sensors and controls under central management 16

Supervisory control and data acquisition 17

Little Things: chemical plant, power plant, manufacturing facility 18

Lots of individual capabilities with some orchestration 24

Programmable logic controllers 25

Industrial control systems/ Distributed control systems 28

3/ Part of a Bigger Picture 29

So if you break the computer, you break everything 30

What happens when Edna falls into the reactant vessel 31

This is the data 32

This is the data 33

This is the process 34

I know you can grok the protocol, can you break the controls? 37

I know you can grok the protocol, can you break the controls? 38

Oh, you forgot about safety 39

Oh, you forgot about safety 40

Oh, you forgot about testing 41

Oh, you forgot about testing 42

Oh, you forgot about people 43

Oh, you forgot about people 44

What if it really is SCADA? 45

Stuff breaks 46

All the &*^$ing time 47

And it gets fixed 48

And it gets fixed 49

And you never noticed 50

4/ Practical Positive Things 54

You can understand this stuff 55

You can help 56

They need you 57

You need to suck it up 58

It's time to learn before teaching 59

It's time to learn before teaching 60

5/ You Wouldn't Believe Me If I Told You 61

The Organization is against you 62

Your prima donna attitude is against you 63

Your age is against you 64

It's time to start hacking 65

First you hack the org 66

Then you own their asses 67

Then you own their asses 68

6/ Movies Would Have You Believe 69

It's a mad mad graphical awesome world 70

What an afternoon at the console really feels like 80

7/ The Media Hypes It As If... 83

There's a hacker behind the bush 84

A 14yo in Mom's basement 89

L337 cadre of genetically engineered supersoldiers 92

Killer Tubes 95

8/ Bad Shit That Actually Happened 96

Not necessarily public news. 97

9/ What Could Have Saved It 98

Superheroes, Ninjas and Pirates 99

Following Instructions 102

Or, not sucking at implementation 103

Or, doing what you're told 104

Or, stuff that has nothing at all to do with computers 105

10/ What You Can Do - Little Picture 106

Learn 107

Stop listening to "experts" 108

Modest changes, massive results 109

11/ What You Can Do - Big Picture 110

Stop feeding the trolls 111

Avoid being ‘that person’ 112

Press for sane acquisitions 113

Study past success 114

Study past success 115

Q & A @myrcurial james.arlen@pushthestack.com 116

Credits, Links and Notices http://jamesarlen.net and Me: http://www.linkedin.com/in/jamesarlen and sometimes http://liquidmatrix.org/blog All of you, My Family, Friends, Jeff Moss (for demanding this talk) and the rest of the Black Hat Europe Team. Thanks: Mentors/Luminaries: D. Anderson, M. Fabro, J. Brodsky, R. Southworth, M. Sachs, C. Jager, B. Radvanovsky and J. Weiss (all from whom I borrowed material) twitter, fast music, caffeine, my lovely wife Inspiration: and hackerish children, blinky lights, shiny things, & altruism. http://creativecommons.org/licenses/by-nc-sa/2.5/ca/ 117

BlackHat Europe 2010: SCADA and ICS for Security Experts

by James Arlen on Jun 01, 2010

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 5

Statistics

BlackHat Europe 2010: SCADA and ICS for Security Experts — Presentation Transcript

http://www.slideshare.net	3
http://www.lmodules.com	1
http://static.slidesharecdn.com	1