[Bucharest] From SCADA to IoT Cyber Security

OWASP EEE
OWASP EEEOWASP
[Bucharest] From SCADA to IoT Cyber Security
from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015
 About ME, Bogdan Matache  Cyber Security Specialist – Military Technical Academy  SCADA Security Specialist – InfoSec Institute  Auditor – ISO 27001 Specializations: Cryptography, Social Engineering, SCADA Pen testing  IT&C – over 15 y  Energy @ OIL Sectors – 10 y  SCADA for Renewable Power Plants – 5 y  Pen testing – OIL Sectors systems – 3 y  Pen testing – Electrical Systems – 3 y
What I hacked ?  Fuel Pump ( I changed densitometers values )
What I hacked ?  Asphalt Station ( I Changed the percentage of bitumen)
What I Pen Tested ?  VoIP Networks  WiMAX BTS  Cars (doors open system, tachometer, gps)  Intelligent House System, Smart Buildings  6 companies in 8 months ( Social Engineering )  PLC’s (programmable logic Controller)  Smart Electricity Meters  Smart Gas Meters  Magnetic & RFID Access Cards  Drones Control System  Etc.
What I do ?  I work as a security auditor at EnerSec, a company specialized in Cyber Security for Energy Sector
Definitions  What is SCADA  What is IoT  What is Security
ICS and SCADA  Industrial Control Systems (ICS) is an umbrella term covering many historically different types of control system such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems). Also known as IACS (Industrial Automation and Control Systems), they are a form of Operational Technology. In practice, media publications often use “SCADA” interchangeably with “ICS”.
SCADA system
Cars  OBD 2 (On-Board Diagnostics)
Airplanes  ADS-B ( Automatic Dependent Surveillance Broadcast )
Ships  AIS ( Automatic Identification System )
Other hackable SCADA systems  Power Plants (Nuclear Plants)  Transportation System ( Train Switch Crossing and Beacons )  Robots in factories  Etc.
ics-cert.us-cert.gov
[Bucharest] From SCADA to IoT Cyber Security
What is IoT ?  The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.
IoT Growth
SCADA vs IoT  More devices  More Systems  More data  More connectivity / access points  More ‘home’ users  Equals - More opportunities
Attacks Types for SCADA  Power System or Water System ( most likely terrorism )  Attacks upon the power system. target – power system itself  Attacks by the power system. target – population ( make dark or rise lever of chlorine )  Attacks through the power system target - ex high voltage for a specific company
Attacks types for IoT  Open doors ( Bluetooth Lockers, hotel rooms)  Unwanted Surveillance (baby monitors or smart TV’s)  Damage things ( Sprinklers, cooling systems )  Pace Maker  GPS ( fleet monitoring )  Burglars ( profile from smart meters, energy consumption)
CIA vs AIC  IT Security confidentiality, integrity, availability  SCADA and IoT availability, integrity, confidentiality
Protocols  For SCADA ( PLC’s) ModBus, DNP3, IEC 60870, IEC61850, Embedded Proprietary, ICCP, UCA 2.0  For IoT Bluetooth low-e, Wi-Fi low-e, NFC, RFID, ANT, Z-Wave, Neul, SigFox, Thread, 6LowPAN, ZigBee, Cellular, LoRA WAN
Software for Hacking SCADA / IoT  Black Arch Linux  Hack Ports  Helix, Kali Linux  Samurai STFU  Security Onion  OSINT  Dedicated software exploits for PLC’s for Siemens, Allen Bradley, Schneider, ABB, etc.
Hardware tools for Pentest  WiFi Pineapple  Rubber Ducky
Hardware tools for Pentesting  Hack RF
 Prox Mark 3 clone RFID Mifare cards Hardware tools for Pentest
Malware example for SCADA / IoT  Stuxnet, Havex, Flame, DragonFly  APT is most dangerous
Critical risk scenarios  RS 01 - disrupting the operation of control systems by delaying or blocking the flow of information through control networks, thereby denying availability of the networks to control system operators;  RS 02 - unauthorized changes to programmed instructions in PLCs, RTUs, or DCS controllers, change alarm thresholds, or issue unauthorized commands to control equipment, which could potentially result in damage to equipment (if tolerances are exceeded), premature shutdown of processes (such as prematurely shutting down transmission lines), or even disabling control equipment;
Critical risk scenarios  RS 03 - send false information to control system operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators;  RS 04 - modify the control system software, producing unpredictable results;  RS 05 - interfere with the operation of safety systems.
Defence / Alerts  ics-cert.us-cert.gov  CERT-ICS.eu
Defence / Intelligence
Security Operation Center
[Bucharest] From SCADA to IoT Cyber Security
1 of 34

[Bucharest] From SCADA to IoT Cyber Security

Download to read offline
Internet

From SCADA to IoT Cyber Security. Bogdan Matache.

OWASP EEE
OWASP EEEOWASP

Recommended

ICS Security 101 by Sandeep Singh by
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
1.6K views39 slides
Insider threat by
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
2.5K views53 slides
Vulnerability and Patch Management by
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
7.9K views33 slides
Enterprise Vulnerability Management: Back to Basics by
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
1.8K views32 slides
Network security - Defense in Depth by
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
5.8K views91 slides
Zero Trust Framework for Network Security​ by
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
2.5K views27 slides

More Related Content

What's hot

Introduction to IoT Security by
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
8.5K views32 slides
Will Internet of Things (IoT) be secure enough? by
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Ravindra Dastikop
3.2K views69 slides
Cloud Security Architecture.pptx by
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
619 views46 slides
Advice for CISOs: How to Approach OT Cybersecurity by
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityMighty Guides, Inc.
344 views22 slides
Cloud security (domain6 10) by
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)Maganathin Veeraragaloo
300 views143 slides
Patch and Vulnerability Management by
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
3.5K views62 slides

What's hot(20)

Introduction to IoT Security by CAS
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS8.5K views
Will Internet of Things (IoT) be secure enough? by Ravindra Dastikop
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough?
Ravindra Dastikop3.2K views
Cloud Security Architecture.pptx by Moshe Ferber
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
Moshe Ferber619 views
Advice for CISOs: How to Approach OT Cybersecurity by Mighty Guides, Inc.
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT Cybersecurity
Mighty Guides, Inc.344 views
Cloud security (domain6 10) by Maganathin Veeraragaloo
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
Maganathin Veeraragaloo300 views
Patch and Vulnerability Management by Marcelo Martins
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability Management
Marcelo Martins3.5K views
IoT Security by Peter Waher
IoT SecurityIoT Security
IoT Security
Peter Waher3.1K views
Intrusion detection and prevention system by Nikhil Raj
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj27.3K views
The Art of Human Hacking : Social Engineering by OWASP Foundation
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
OWASP Foundation765 views
IDS and IPS by Santosh Khadsare
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare 17K views
Some Tatbikatları ve SIEM Testleri İçin Siber Saldırıları Nasıl Optimize Ederiz? by BGA Cyber Security
Some Tatbikatları ve SIEM Testleri İçin Siber Saldırıları Nasıl Optimize Ederiz?Some Tatbikatları ve SIEM Testleri İçin Siber Saldırıları Nasıl Optimize Ederiz?
Some Tatbikatları ve SIEM Testleri İçin Siber Saldırıları Nasıl Optimize Ederiz?
BGA Cyber Security1.7K views
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living... by CableLabs
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
CableLabs2.6K views
3. security architecture and models by 7wounders
3. security architecture and models3. security architecture and models
3. security architecture and models
7wounders12.5K views
Virtual honeypot by Elham Hormozi
Virtual honeypotVirtual honeypot
Virtual honeypot
Elham Hormozi3.1K views
An introduction to Cyber Essentials by Jisc
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
Jisc1.7K views
Denial of service attack by Ahmed Ghazey
Denial of service attackDenial of service attack
Denial of service attack
Ahmed Ghazey5.5K views
Cybersecurity in Industrial Control Systems (ICS) by Joan Figueras Tugas
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas6.7K views
IoT Security, Threats and Challenges By V.P.Prabhakaran by Koenig Solutions Ltd.
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.2.2K views
Zero Trust Model Presentation by Gowdhaman Jothilingam
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam12.3K views
Different types of attacks in internet by Rohan Bharadwaj
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj35.2K views

Similar to [Bucharest] From SCADA to IoT Cyber Security

IoT and IIoT - Security Challenges and Innovative Approaches by
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesShashi Kiran
220 views26 slides
Security Issues in SCADA based Industrial Control Systems by
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems aswanthmrajeev112
317 views17 slides
Securing SCADA by
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
252 views22 slides
Securing SCADA by
Securing SCADASecuring SCADA
Securing SCADAJeffrey Wang , P.Eng
495 views22 slides
Chapter-2 Internet of Things.pptx by
Chapter-2 Internet of Things.pptxChapter-2 Internet of Things.pptx
Chapter-2 Internet of Things.pptx40NehaPagariya
49 views20 slides
SCADA Systems Vulnerabilities and Blockchain Technology by
SCADA Systems Vulnerabilities and Blockchain TechnologySCADA Systems Vulnerabilities and Blockchain Technology
SCADA Systems Vulnerabilities and Blockchain Technologyijtsrd
253 views3 slides

Similar to [Bucharest] From SCADA to IoT Cyber Security(20)

IoT and IIoT - Security Challenges and Innovative Approaches by Shashi Kiran
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative Approaches
Shashi Kiran220 views
Security Issues in SCADA based Industrial Control Systems by aswanthmrajeev112
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems
aswanthmrajeev112317 views
Securing SCADA by Jeffrey Wang , P.Eng
Securing SCADA Securing SCADA
Securing SCADA
Jeffrey Wang , P.Eng252 views
Securing SCADA by Jeffrey Wang , P.Eng
Securing SCADASecuring SCADA
Securing SCADA
Jeffrey Wang , P.Eng495 views
Chapter-2 Internet of Things.pptx by 40NehaPagariya
Chapter-2 Internet of Things.pptxChapter-2 Internet of Things.pptx
Chapter-2 Internet of Things.pptx
40NehaPagariya49 views
SCADA Systems Vulnerabilities and Blockchain Technology by ijtsrd
SCADA Systems Vulnerabilities and Blockchain TechnologySCADA Systems Vulnerabilities and Blockchain Technology
SCADA Systems Vulnerabilities and Blockchain Technology
ijtsrd253 views
Nozomi Fortinet Accelerate18 by Nozomi Networks
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
Nozomi Networks1.1K views
Internet Of Things by venkat thangella
Internet Of Things Internet Of Things
Internet Of Things
venkat thangella2.9K views
Industrial Iot and Legacy Scada system - the solution for future ? by Prescinto Technologies Private Limited
Industrial Iot and Legacy Scada system - the solution for future ?Industrial Iot and Legacy Scada system - the solution for future ?
Industrial Iot and Legacy Scada system - the solution for future ?
Prescinto Technologies Private Limited303 views
Scada, a PLC's story by Paolo Stagno
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's story
Paolo Stagno280 views
Nozomi Networks Q1_2018 Company Introduction by Nozomi Networks
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks4.5K views
Training manual on scada by bhavuksharma10
Training manual on scadaTraining manual on scada
Training manual on scada
bhavuksharma10259 views
IJSRED-V2I2P15 by IJSRED
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
IJSRED41 views
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02 by NiMa Bagheriasl
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
NiMa Bagheriasl254 views
Scada Industrial Control Systems Penetration Testing by Yehia Mamdouh
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
Yehia Mamdouh18.8K views
02 ibm security for smart grids by IBM Italia Web Team
02 ibm security for smart grids02 ibm security for smart grids
02 ibm security for smart grids
IBM Italia Web Team239 views
Io t first(1) by MuhammadAbduArRahman
Io t first(1)Io t first(1)
Io t first(1)
MuhammadAbduArRahman79 views
Io t of actuating things by Arpan Pal
Io t of actuating thingsIo t of actuating things
Io t of actuating things
Arpan Pal208 views
scada-130512133852-phpapp01.pptx by surangagw
scada-130512133852-phpapp01.pptxscada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptx
surangagw8 views
Esd notes iae by Muru Gan
Esd notes iaeEsd notes iae
Esd notes iae
Muru Gan220 views

More from OWASP EEE

[Austria] ZigBee exploited by
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploitedOWASP EEE
747 views48 slides
[Austria] Security by Design by
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by DesignOWASP EEE
665 views16 slides
[Austria] How we hacked an online mobile banking Trojan by
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking TrojanOWASP EEE
654 views41 slides
[Poland] It's only about frontend by
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontendOWASP EEE
521 views56 slides
[Poland] SecOps live cooking with OWASP appsec tools by
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec toolsOWASP EEE
461 views35 slides
[Cluj] Turn SSL ON by
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
406 views16 slides

More from OWASP EEE(20)

[Austria] ZigBee exploited by OWASP EEE
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploited
OWASP EEE747 views
[Austria] Security by Design by OWASP EEE
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
OWASP EEE665 views
[Austria] How we hacked an online mobile banking Trojan by OWASP EEE
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE654 views
[Poland] It's only about frontend by OWASP EEE
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
OWASP EEE521 views
[Poland] SecOps live cooking with OWASP appsec tools by OWASP EEE
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE461 views
[Cluj] Turn SSL ON by OWASP EEE
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
OWASP EEE406 views
[Cluj] Information Security Through Gamification by OWASP EEE
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
OWASP EEE585 views
[Cluj] CSP (Content Security Policy) by OWASP EEE
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
OWASP EEE576 views
[Cluj] A distributed - collaborative client certification system by OWASP EEE
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
OWASP EEE163 views
[Russia] Node.JS - Architecture and Vulnerabilities by OWASP EEE
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE560 views
[Russia] MySQL OOB injections by OWASP EEE
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
OWASP EEE1.6K views
[Russia] Bugs -> max, time <= T by OWASP EEE
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
OWASP EEE346 views
[Russia] Give me a stable input by OWASP EEE
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
OWASP EEE335 views
[Russia] Building better product security by OWASP EEE
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
OWASP EEE382 views
[Lithuania] I am the cavalry by OWASP EEE
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
OWASP EEE539 views
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent by OWASP EEE
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE774 views
[Lithuania] DigiCerts and DigiID to Enterprise apps by OWASP EEE
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE350 views
[Lithuania] Introduction to threat modeling by OWASP EEE
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
OWASP EEE444 views
[Hungary] I play Jack of Information Disclosure by OWASP EEE
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
OWASP EEE510 views
[Hungary] Survival is not mandatory. The air force one has departured are you... by OWASP EEE
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE378 views

Recently uploaded

The Dark Web : Hidden Services by
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
14 views24 slides
ATPMOUSE_융합2조.pptx by
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptxkts120898
35 views70 slides
Affiliate Marketing by
Affiliate MarketingAffiliate Marketing
Affiliate MarketingNavin Dhanuka
17 views30 slides
hamro digital logics.pptx by
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptxtupeshghimire
10 views36 slides
How to think like a threat actor for Kubernetes.pptx by
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptxLibbySchulze1
5 views33 slides
Marketing and Community Building in Web3 by
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3Federico Ast
14 views64 slides

Recently uploaded(6)

The Dark Web : Hidden Services by Anshu Singh
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh14 views
ATPMOUSE_융합2조.pptx by kts120898
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptx
kts12089835 views
Affiliate Marketing by Navin Dhanuka
Affiliate MarketingAffiliate Marketing
Affiliate Marketing
Navin Dhanuka17 views
hamro digital logics.pptx by tupeshghimire
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptx
tupeshghimire10 views
How to think like a threat actor for Kubernetes.pptx by LibbySchulze1
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptx
LibbySchulze15 views
Marketing and Community Building in Web3 by Federico Ast
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3
Federico Ast14 views

[Bucharest] From SCADA to IoT Cyber Security

  • 2. from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015
  • 3.  About ME, Bogdan Matache  Cyber Security Specialist – Military Technical Academy  SCADA Security Specialist – InfoSec Institute  Auditor – ISO 27001 Specializations: Cryptography, Social Engineering, SCADA Pen testing  IT&C – over 15 y  Energy @ OIL Sectors – 10 y  SCADA for Renewable Power Plants – 5 y  Pen testing – OIL Sectors systems – 3 y  Pen testing – Electrical Systems – 3 y
  • 4. What I hacked ?  Fuel Pump ( I changed densitometers values )
  • 5. What I hacked ?  Asphalt Station ( I Changed the percentage of bitumen)
  • 6. What I Pen Tested ?  VoIP Networks  WiMAX BTS  Cars (doors open system, tachometer, gps)  Intelligent House System, Smart Buildings  6 companies in 8 months ( Social Engineering )  PLC’s (programmable logic Controller)  Smart Electricity Meters  Smart Gas Meters  Magnetic & RFID Access Cards  Drones Control System  Etc.
  • 7. What I do ?  I work as a security auditor at EnerSec, a company specialized in Cyber Security for Energy Sector
  • 8. Definitions  What is SCADA  What is IoT  What is Security
  • 9. ICS and SCADA  Industrial Control Systems (ICS) is an umbrella term covering many historically different types of control system such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems). Also known as IACS (Industrial Automation and Control Systems), they are a form of Operational Technology. In practice, media publications often use “SCADA” interchangeably with “ICS”.
  • 11. Cars  OBD 2 (On-Board Diagnostics)
  • 12. Airplanes  ADS-B ( Automatic Dependent Surveillance Broadcast )
  • 13. Ships  AIS ( Automatic Identification System )
  • 14. Other hackable SCADA systems  Power Plants (Nuclear Plants)  Transportation System ( Train Switch Crossing and Beacons )  Robots in factories  Etc.
  • 17. What is IoT ?  The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.
  • 19. SCADA vs IoT  More devices  More Systems  More data  More connectivity / access points  More ‘home’ users  Equals - More opportunities
  • 20. Attacks Types for SCADA  Power System or Water System ( most likely terrorism )  Attacks upon the power system. target – power system itself  Attacks by the power system. target – population ( make dark or rise lever of chlorine )  Attacks through the power system target - ex high voltage for a specific company
  • 21. Attacks types for IoT  Open doors ( Bluetooth Lockers, hotel rooms)  Unwanted Surveillance (baby monitors or smart TV’s)  Damage things ( Sprinklers, cooling systems )  Pace Maker  GPS ( fleet monitoring )  Burglars ( profile from smart meters, energy consumption)
  • 22. CIA vs AIC  IT Security confidentiality, integrity, availability  SCADA and IoT availability, integrity, confidentiality
  • 23. Protocols  For SCADA ( PLC’s) ModBus, DNP3, IEC 60870, IEC61850, Embedded Proprietary, ICCP, UCA 2.0  For IoT Bluetooth low-e, Wi-Fi low-e, NFC, RFID, ANT, Z-Wave, Neul, SigFox, Thread, 6LowPAN, ZigBee, Cellular, LoRA WAN
  • 24. Software for Hacking SCADA / IoT  Black Arch Linux  Hack Ports  Helix, Kali Linux  Samurai STFU  Security Onion  OSINT  Dedicated software exploits for PLC’s for Siemens, Allen Bradley, Schneider, ABB, etc.
  • 25. Hardware tools for Pentest  WiFi Pineapple  Rubber Ducky
  • 27.  Prox Mark 3 clone RFID Mifare cards Hardware tools for Pentest
  • 28. Malware example for SCADA / IoT  Stuxnet, Havex, Flame, DragonFly  APT is most dangerous
  • 29. Critical risk scenarios  RS 01 - disrupting the operation of control systems by delaying or blocking the flow of information through control networks, thereby denying availability of the networks to control system operators;  RS 02 - unauthorized changes to programmed instructions in PLCs, RTUs, or DCS controllers, change alarm thresholds, or issue unauthorized commands to control equipment, which could potentially result in damage to equipment (if tolerances are exceeded), premature shutdown of processes (such as prematurely shutting down transmission lines), or even disabling control equipment;
  • 30. Critical risk scenarios  RS 03 - send false information to control system operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators;  RS 04 - modify the control system software, producing unpredictable results;  RS 05 - interfere with the operation of safety systems.
  • 31. Defence / Alerts  ics-cert.us-cert.gov  CERT-ICS.eu