Smau Bologna 2013 Stefano Zanero

Published in: Technology, Business

  • 1. Security of Cyber-Physical Systems. Stefano Zanero, PhD, Assistant Professor, Politecnico di Milano
  • 2. Stefano Zanero. Good morning! I'm an assistant professor at Politecnico di Milano. My laboratory deals with Novel, Emerging Computing System Technologies, and encompasses the system security research efforts. Black Hat review board member. AIPSI/ISSA International member & ISSA International Director.
  • 3. Scope of this talk (08/12/12): This talk deals with security of cyber-physical systems. In particular, with the vulnerabilities at the separation layer of such systems.
  • 4. Cyber-physical systems: Evolution of the traditional embedded systems for control. E.g. SCADA systems, avionics, vehicular control and infotainment, “smart grid”. Do you know what's the “naked” CPS on the left?
  • 5. Vulnerabilities: In information security, a vulnerability is a weakness that makes it possible to reduce a system's information assurance. More generally, a vulnerability is a weakness in a system that makes it susceptible to being damaged, or more generally makes it unfit to withstand some external condition. We should not confuse the existence of a vulnerability with the existence of a threat (e.g. an attacker), or with the existence of one or more specific exploits for that vulnerability.
  • 6. Security as managing risks: All (information) systems are vulnerable. This is not a self-justifying mantra, it's a basic fact of life: invulnerability, just like perfection, is but an illusion. Vulnerabilities, their exploitability and the existence and prevalence of threats combine with the potential of damage to create risks. Security is the discipline of managing risk, reducing it to a tolerable level, balancing the costs. The issue of securing critical systems is that it is very difficult to gauge the product of very low probabilities times very high potential damage.
  • 7. Fact check: I want to check some facts with you. Fact 1: CPS are increasingly involved in critical infrastructures and safety-critical systems. Fact 2: CPS are increasingly becoming control loops closed without humans in the middle. Fact 3: CPS are evolving towards complex networks of complex systems, rather than single, embedded, simple systems. Fact 4: threat level by actors likely to act against these systems is constantly on the rise.
  • 8. Fact 1: critical systems. “… potential (cyber)attacks against network infrastructures may have widespread and devastating consequences on our daily life: no more electricity or water at home, rail and plane accidents, hospitals out of service” (Viviane Reding, VP of European Commission)
  • 9. Train signals...
  • 10. Connected cars...
  • 11. The power grid...
  • 12. Fighter planes...
  • 13. Fact 2: no human in the middle
  • 14. In the real world...
  • 15. Algorithmic trading fails: ~40% of share orders in Europe by algorithmic trading; 5 yrs ago, 20%. In the U.S. 37%. (src: Tabb Group) Knight trading is just the latest failure. Svend Egil Larsen (Norwegian trader) in 2007 reversed the trading algorithm of Timber Hill, a unit of US-based Interactive Brokers, found a flaw and exploited it for $50,000 (U.S.) in a few months. Not guilty, btw. Deutsche Bank’s trading algorithms in Japan took out a $182-billion stock position by mistake in 2010. “Flash crash” in 2010, Dow Jones Industrial Average swung hundreds of points in 20 minutes – exacerbated by trading algorithms kicking in.
  • 16. Fact 3: complexity of networks
  • 17. Interconnection...
  • 18. … and convergence
  • 19. Interconnection (too much of it)
  • 20. Fact 4: rising threats. All the data comes from the Internet Security Threat Report 2011.
  • 21. Find the differences... China's Chengdu J-20 fighter (circa Oct. 2010) vs. Northrop YF-23 (1994). Remember that Northrop was one of the first targets of the APT (Advanced Persistent Threat) campaign in 2009. Suggestive, isn't it?
  • 22. It's not just about the business
  • 23. The slippery slope of cyberwar. Stuxnet: designed to sabotage Iran's nuclear facilities. Duqu: discovered a few months later, possibly created earlier, same platform as Stuxnet; uses zero-day; designed to collect data on the Iranian nuclear program (which ended up in the hands of the UN).
  • 24. And then came the flame. Flamer: enormous malware specimen discovered in 2012 by ITU; intelligence gathering; encryption zero day (!); component link to Stuxnet (!!). Gauss: similar to the others in many ways, includes banking trojan and an encrypted payload which wasn't cracked yet. No comment to the above image (detailing diffusion of Flame) is probably needed.
  • 25. What next? Shamoon: a very different beast, targeting critical files from a specific company (Saudi Aramco). Still, a targeted attack with usage of signed driver component like Flamer. Overwrote critical files on 30,000 machines (¾) on the corporate network with a burning American flag. Claimed by unknown “Cutting Sword of Justice” group on Pastebin. What's next?
  • 26. Facts checked! Fact 1: CPS are increasingly involved in critical infrastructures and safety-critical systems. Fact 2: CPS are increasingly becoming control loops closed without humans in the middle. Fact 3: CPS are evolving towards complex networks of complex systems. Fact 4: threat level by (state/nonstate)-actors likely to act against these systems is constantly on the rise. All of this leads, at the same time, to increasing attack surfaces, vulnerability exposure, threat prevalence, potential damage. What about defense then?
  • 27. Where we are: legacy woes
  • 28. Forever day bugs. Zero-day: an unknown vulnerability exploited by an attacker. Forever day: an old, beaten-to-death vulnerability still around. Most CPS are change averse, and thus prone to forever day bugs. RuggedCom is in good company with ABB, Schneider Electric, and Siemens. RuggedCom forever day: known username, fixed password easy to crack, impossible to disable.
  • 29. Where we are going: hardware attacks. Rakshasa is a fully functional bootkit resident in RAM and invoked by a seemingly sane BIOS/firmware.
  • 30. The perfect storm. Vulnerabilities arising at the boundary where digital and physical connect. The trading algorithms are a first example. Smart grid vulnerabilities are another excellent example of possible positive feedback loops between the two realms.
  • 31. Conclusions. We are brewing a perfect digital storm with unfathomable consequences. We are using complex networks of digital systems to control critical infrastructures and safety-critical systems, without humans in the loop. Threat level by (state/nonstate)-actors likely to act against these systems is constantly on the rise, and we are actively contributing to legitimize this. We have issues with zero-days as well as forever-days, and we have significant upcoming threats (malicious hardware and interstitial layer threats). We need significant engineering and research efforts to get this done and avert the storm.
  • 32. Questions? Thank you for your attention! You can reach me at stefano.zanero@polimi.it, or just tweet @raistolo. Our research on these topics has been partially funded by the European Commission under FP7 project SysSec, and by Italy's PRIN project TENACE.