The document discusses cybersecurity risks in industrial control systems used in chemical plants. It begins with an introduction to industrial control systems and their components. It then outlines the stages of a potential cyber-physical attack against such a system - gaining initial access, discovering details of the physical process, gaining control of systems, causing damage through manipulation of the process, and covering tracks. Specific attack scenarios are described, such as using water hammer effects to damage pipes. The talk aims to illustrate vulnerabilities to help drive improvements in the security of industrial control systems.
Using Assessment Tools on ICS (English)Digital Bond
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Using Assessment Tools on ICS (English)Digital Bond
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Presented at ISACA's EuroCACS 2015 (Copenhaguen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Web uygulamaları dağıtım kolaylığı nedeniyle masaüstü uygulamalara üstünlük sağlamış ve geniş uygulama alanı bulmuştur. Bunun yanı sıra internete açık olan uygulamaların önemli bir kısmı da web uygulaması şeklindedir. Web uygulaması olmayan masaüstü uygulamalar ve mobil uygulamalar dahi web uygulama mimarisinin önemli bir kısmı olan HTTP protokolünü kullanmaktadır.
Bunların yanı sıra web uygulamaları çok katmanlı mimariye sahip olup, bu durum nispeten web uygulama altyapılarının sıradan masaüstü uygulamalara nazaran karmaşık olmalarına neden olmaktadır.
Tüm bu nedenlerden dolayı web uygulamaları saldırganların gözde hedeflerinden birisidir.
Web uygulama denetimi eğitiminde katılımcılara web uygulamalarında ortaya çıkabilecek açıklıkların neler olduğu, bu açıklıkları nasıl tespit edebilecekleri ve açıklıkların ortadan kaldırılma yöntemleri aktarılmaktadır.
Web uygulama denetimi eğitimi, mobil uygulama denetimi yapacak katılımcılara da gerekli temel web teknolojileri bilgilerini aktarmayı hedeflemektedir.
www.btrisk.com
View on-demand: https://wso2.com/library/webinars/api-security-best-practices-and-guidelines/
Modern enterprises are increasingly adopting APIs, exceeding all predictions. With more businesses investing in microservices and the increased consumption of cloud APIs, you need to secure beyond just a handful of well-known APIs. You will need to secure a higher number of internal and external endpoints.
At the same time, security itself is a broad area and vendors implement a number of seemingly similar standards and patterns, making it very difficult for consumers to settle on the best option for securing APIs. The sheer number of options can be very confusing.
There is much to learn about API security, regardless of whether you are a novice or expert and it’s extremely important that you do because security is an integral part of any development project, including API ecosystems.
This webinar will deep-dive into the importance of API security, API security patterns, and how identity and access management (IAM) fit in the ecosystem.
DURING THE WEBINAR, WE WILL COVER:
Managed APIs
OAuth 2.0 and API security patterns
Introduction to WSO2 Identity Server
How we align with OWASP API security guidelines
Penetration testing reporting and methodologyRashad Aliyev
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explain how can we start secure code review effectively.
ECU (Electronic Control Unit) для современного гоночного автомобиля представляет собой микроконтроллер, реализующий детальное управление всеми системами болида. Внутри ECU работает операционная система, принимающая информацию от различных датчиков и выдающая управляющие команды в соответствии с заданным профилем. Владелец может менять настройки профиля, но в базовых версиях своего оборудования разработчики ECU обычно запрещают использование некоторых функций, позволяющих добиться максимальной эффективности систем автомобиля. Целью нашего исследования было получение доступа к управлению всеми настройками ECU и полное раскрытие его потенциала.
Presented at ISACA's EuroCACS 2015 (Copenhaguen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Web uygulamaları dağıtım kolaylığı nedeniyle masaüstü uygulamalara üstünlük sağlamış ve geniş uygulama alanı bulmuştur. Bunun yanı sıra internete açık olan uygulamaların önemli bir kısmı da web uygulaması şeklindedir. Web uygulaması olmayan masaüstü uygulamalar ve mobil uygulamalar dahi web uygulama mimarisinin önemli bir kısmı olan HTTP protokolünü kullanmaktadır.
Bunların yanı sıra web uygulamaları çok katmanlı mimariye sahip olup, bu durum nispeten web uygulama altyapılarının sıradan masaüstü uygulamalara nazaran karmaşık olmalarına neden olmaktadır.
Tüm bu nedenlerden dolayı web uygulamaları saldırganların gözde hedeflerinden birisidir.
Web uygulama denetimi eğitiminde katılımcılara web uygulamalarında ortaya çıkabilecek açıklıkların neler olduğu, bu açıklıkları nasıl tespit edebilecekleri ve açıklıkların ortadan kaldırılma yöntemleri aktarılmaktadır.
Web uygulama denetimi eğitimi, mobil uygulama denetimi yapacak katılımcılara da gerekli temel web teknolojileri bilgilerini aktarmayı hedeflemektedir.
www.btrisk.com
View on-demand: https://wso2.com/library/webinars/api-security-best-practices-and-guidelines/
Modern enterprises are increasingly adopting APIs, exceeding all predictions. With more businesses investing in microservices and the increased consumption of cloud APIs, you need to secure beyond just a handful of well-known APIs. You will need to secure a higher number of internal and external endpoints.
At the same time, security itself is a broad area and vendors implement a number of seemingly similar standards and patterns, making it very difficult for consumers to settle on the best option for securing APIs. The sheer number of options can be very confusing.
There is much to learn about API security, regardless of whether you are a novice or expert and it’s extremely important that you do because security is an integral part of any development project, including API ecosystems.
This webinar will deep-dive into the importance of API security, API security patterns, and how identity and access management (IAM) fit in the ecosystem.
DURING THE WEBINAR, WE WILL COVER:
Managed APIs
OAuth 2.0 and API security patterns
Introduction to WSO2 Identity Server
How we align with OWASP API security guidelines
Penetration testing reporting and methodologyRashad Aliyev
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explain how can we start secure code review effectively.
ECU (Electronic Control Unit) для современного гоночного автомобиля представляет собой микроконтроллер, реализующий детальное управление всеми системами болида. Внутри ECU работает операционная система, принимающая информацию от различных датчиков и выдающая управляющие команды в соответствии с заданным профилем. Владелец может менять настройки профиля, но в базовых версиях своего оборудования разработчики ECU обычно запрещают использование некоторых функций, позволяющих добиться максимальной эффективности систем автомобиля. Целью нашего исследования было получение доступа к управлению всеми настройками ECU и полное раскрытие его потенциала.
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Positive Hack Days
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going for years. The defense community is getting faster at responding to growing threats and taking down command and control centers of malware operators before they causes too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve availability of supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
Waf.js: как защищать веб-приложения с использованием JavaScriptPositive Hack Days
Ведущие: Денис Колегов и Арсений Реутов
Авторы доклада продемонстрируют, как внедрение клиентских сценариев JavaScript может быть использовано для обнаружения и предотвращения различных атак, поиска уязвимых клиентских компонент, определения утечек данных об инфраструктуре веб-приложений, выявления веб-ботов и инструментальных средств нападения. Поделятся собственными методами обнаружения инъекций при помощи синтаксических анализаторов без сигнатур и фильтрующих регулярных выражений, а также рассмотрят реализацию концепции JavaScript-ловушек на стороне клиента для атак SSRF, IDOR, Command Injection и CSRF.
Перехват беспроводных гаджетов — от квадрокоптеров до мышекPositive Hack Days
Автор: Артур Гарипов
Доклад посвящен общим аспектам применения SDR (software-defined radio) в анализе радиоэфира. Ведущий покажет, как происходят поиск и определение беспроводных устройств, анализ протоколов и их спуфинг, перехват управления беспроводным оборудованием, атака Mousejack.
Ведущий: Андрей Масалович
Целый арсенал средств информационного воздействия используется в корпоративном коммуникационном маркетинге и в астротурфинге. Докладчик расскажет о том, как подготавливаются информационные атаки, как распознавать их на ранних стадиях и противостоять им. Проанализирует особенности восприятия и распространения информации в социальных сетях с использованием троллей и ботов. Рассмотрит метод экспресс-анализа социальных портретов участников массовых обсуждений — рядовых пользователей, политиков, медийных персон, подростков, вербовщиков и их жертв.
Remote hacking a car
Presentation by Oren Elimelech @ ICT 19th August 2015
Inspired by: Remote Exploitation of an Unaltered Passenger Vehicle, by: Dr. Charlie Miller & Chris Valasek - Black Hat USA Auigust 2015
Apresentação Empresa Junior Sinergia - reunião geral CEEMPRE JrCEEMPRE
Apresentação da EJ de Quimica e Engenharia Química da Universidade Federal de Viçosa, realizada em agosto de 2010 na reunião geral do Núcleo de EJs da UFV - CEEMPRE Jr
Ведущий: Валерий Боронин
Как облегчить для разработчика процесс анализа исходного кода на стадии реализации по SDL/SSDL и как интегрировать инструменты анализа, чтобы уменьшить затраты на исправление ошибок? Иногда лучшее решение — это отсутствие пользовательского интерфейса! Приходите, чтобы увидеть взаимодействие Человека с Машиной через исходный код.
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
A participant will acquire basic skills of searching for vulnerabilities on switches and routers from various vendors. The masterclass will cover both common network vulnerabilities, and exceptive cases that can be detected in the process of security assessment of real networks.
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege EscalationPositive Hack Days
Author: Babak Javadi
For over 100 years, the modern pin tumbler lock has been used as the gold standard of physical security. Unique designs have come and gone over the years, but only the pin tumbler lock has remained constant. Almost just as constant is a neat hack-turned-standard feature that is commonly referred to as Master Keying. Master Keying allows the use of "unique" permissions-based mechanical keys in large systems and remains in use in large business and government installations in every country in the world. Unfortunately, the oldest authentication system in the world still in wide use today is vulnerable to what many consider to be the original privilege escalation attack, predating digital computer systems completely. Known by a handful of locksmiths for decades and first publicly disclosed in 2003, this un-patched vulnerability remains one of the most dangerous and under-protected physical security weaknesses still present today. This talk will discuss a highly optimized attack method against common master keyed systems as it applies to modern locks, and will cover a couple of options for mitigating and defending against the attack.
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
2008-10-09 - Bits and Chips Conference - Embedded Systemen Architecture patternsJaap van Ekris
In the past, embedded software was intended to automate simple isolated tasks for dedicated purposes. However, there is a trend towards integrating embedded components into large networks which can perform complex tasks. Customers expect systems to be open and extensible, to prepare for future challenges. This introduces new challenges for embedded software engineers: the integration of components into larger integrated networks poses new demands upon component quality (how to prepare a component for all possible future assemblies) as well as an integrated system architecture viewpoint (how to construct a flexible but secure and reliable network).
In this presentation we show, based on practical examples, what the value of systematic thinking of software quality and systems architecture is in developing complex integrated embedded systems.
Detecting ICS Attacks Using Recurrent Neural NetworksKaspersky
Cyber attacks aiming at critical infrastructure and automated industrial production plants can be the most disastrous in terms of consequences. But, luckily for us, the digital footprint of any physical system is governed by the laws of physics, and a neural network can learn the normal behaviour of the cyberphysical system and detect the anomalies faster that safety sensors normally do - saving time and costs.
Andrey Lavrentyev, Head of Technology Research Department, Kaspersky Lab, talked at S4x18 Conference in San Francisco about successful implementation of a recurrent neural network to a Tennessee Eastman Process.
To lean more, please visit our blog: https://www.kaspersky.com/blog/ml-for-ad?utm_source=smm_ss&utm_medium=ww_ss_o_240118
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
1. Основные понятия и определения: продукт, пакет, связи между ними.
2. Как узнать, какие изменения произошли в продукте?
3. Проблемы changelog и release note.
4. Решение: инструмент ChangelogBuilder для автоматической подготовки Release Notes
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
1. Обзор Windows Docker (кратко)
2. Как мы построили систему билда приложений в Docker (Visual Studio\Mongo\Posgresql\etc)
3. Примеры Dockerfile (выложенные на github)
4. Отличия процессов DockerWindows от DockerLinux (Долгий билд, баги, remote-регистр.)
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
1. Проблемы в построении CI процессов в компании
2. Структура типовой сборки
3. Пример реализации типовой сборки
4. Плюсы и минусы от использования типовой сборки
1. Что такое BI. Зачем он нужен.
2. Что такое Qlik View / Sense
3. Способ интеграции. Как это работает.
4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды.
5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).
Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.
Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений?
На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей.
К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.
Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных.
Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.
Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Who I am
(Ex)Academic
Have been teaching security topics
for 10 semesters
Prefer physics over web
technologies
Most frequently asked question:
HOW DID I LEARN ALL THESE
THINGS??
6. Converts analog signal into digital
Sensors pre-process the measurements
May send data directly to actuators
IP-enabled (part of the “Internet-of-Things”)
Computational
element
Sensor
Smart instrumentation
Old generation
temperature sensor
7. Cyber-physical systems are IT systems “embedded” in an
application in the physical world
Cyber-Physical Systems
Attack goals:
o Get the physical system in a state
desired by the attacker
o Make the physical system perform
actions desired by the attacker
8. Promise from the vendors:
Expect instruments of the future
to have multiple communication
channels, each one with built-in
security (LOL), much like a present-
day Ethernet switch. These
channels will be managed with IP
adressing and server technology,
allowing the instrument to
become a true data server
Vendors
Instrumentation of the future
21. Traditional IT hacking
• 1 0day
• 1 Clueless user
• AntiVirus and Patch Management
• Database Links
• Backup Systems
22. Invading field devices
Jason Larsen at Black Hat’15 “Miniaturization”
o Inserting rootkit into firmware
Water flow
Shock wave
Valve PhysicalReflected shock wave
Valve closes Shockwave Reflected wave
Pipe
movement
Attack scenario: pipe damage with
water hammer
24. Process discovery
What and how the
process is producing
How it is build and
wired
How it is controlledEspionage
Espionage,
reconnaissance
Espionage,
reconnaissance
29. Understanding points and logic
Piping and instrumentation diagram
Ladder logic
Programmable Logic Controller
Pump on the plant
Courtesy: Jason Larsen
31. Available controls
Obtaining control is not being in
control
Obtained control might not be
useful for attack goal
Attacker might not necessary be
able to control obtained controls
WTF???
33. Physics of process control
Once hooked up together, physical components they
become related to each other by the physics of the process
If we adjust one a valve what happens to everything else?
o Adjusting temperature also increases pressure and flow
o All the downstream effects need to be taken into account
How much does the process can be changed before releasing
alarms or it shutting down?
34. Process control challenges
Controller Process
Transmitter
Final control
element
Set point
Load
Operator practice
Control strategy
Tuning
Algorithm
Configuration
Sizing
Dead band
Flow properties Equipment design
Process design
Sampling frequency
Filtering
35. Process control challenges
Process dynamic is highly non-linear (???)
Behavior of the process is known to the extent of its modelling
o So to controllers. They cannot control the process beyond their
control model
UNCERTAINTY!
37. Types of attacks
Step attack
Periodic attack
Magnitude of manipulation
Recovery time
38. Outcome of the control stage
Sensitivity Magnitude of manipulation Recovery time
High XMV {1;5;7} XMV {4;7}
Medium XMV {2;4;6} XMV {5}
Low XMV{3} XMV {1;2;3;6}
Reliably useful controls
39. Alarm propagation
Alarm Steady state attacks Periodic attacks
Gas loop 02 XMV {1} XMV {1}
Reactor feed T XMV {6} XMV {6}
Rector T XMV{7} XMV{7}
FEHE effluent XMV{7} XMV{7}
Gas loop P XMV{2;3;6} XMV{2;3;6}
HAc in decanter XMV{2;3;7} XMV{3}
41. “It will eventually
drain with the
lowest holes loosing
pressure last”
“It will be fully
drained in 20.4
seconds and the
pressure curve
looks like this”
Technician Engineer
Technician vs. engineer
„SCADA triangles: reloaded“. Jason Larsen, S4.
49. Creating forensics footprint
Process operators may get concerned after noticing persistent
decrease in production and may try to fix the problem
If attacks are timed to a particular maintenance work, plant
employee will be investigated rather than the process
1. Pick several ways that the temperature can be increased
2. Wait for the scheduled instruments calibration
3. Perform the first attack
4. Wait for the maintenance guys being screamed at
and recalibration to be repeated
5. Play next attack
6. Go to 4
53. Defense opportunities
Better understanding the hurdles the attacker has to
overcome
o Understanding what she needs to do and why
o Eliminating low hanging fruits
o Making exploitation harder
Wait for the attacker
o Certain access/user credentials need to be obtained
o Certain information needs to be gathered
Building attack-resilient processes
o Put mechanical protections (e.g. manual valve)
o By design (slow vs. fast valves)
o Hardening (adjusting control cycle and/or parameters)