A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Building on Device Vulnerabilities: Attack Modes for ICS - Bryan Singer (TakeDownCon Rocket City 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Building on Device Vulnerabilities: Attack Modes for ICS - Bryan Singer

Over the course of hundreds of plant evaluations, vulnerability tests, penetration tests, and other security projects, questions often get raised about what vulnerabilities for ICS really mean. As vulnerabilities reported in ICS gain increased attention and awareness, some have been eager to try out their hand at attacking industrial processes, or have attempted to raise awareness under what ultimately proves to be false flag conditions when the “threat” is rather quickly discounted due to mitigating factors – such as hardwired controls like a tank level switch that would prevent an overflow from occurring, despite taking control of an individual controller. Moving beyond device vulnerabilities into high impact damages on control systems requires not only IT security skills, but also engineering skills and knowledge of control systems. All three together represent a critical danger to safe and efficient operations. This talk will focus on attack modes for ICS involving gaining access to the system, exploiting vulnerabilities, but most importantly when common hacking techniques must yield to engineering skills in order to further the impact to the system beyond causing nuisance trips. Discussion of common industrial processes and how to both gain access to the system and how to effectively bypass machine protective systems will be included in this talk.

Bio: Mr. Singer is a principal consultant with Kenexis Security Corporation. He has over 18 years experience in information technology security including 12 years specializing in industrial automation and control systems security. He is experienced in OSINT, counter-terrorism, forensics, penetration testing, vulnerability research, and cyber security assessments for over 3000 industrial processes worldwide. He is the founding and past chairman of ISA-99/62443, current director elect of the ISA Safety and Security Division, co-author of “Cybersecurity for Industrial Control Systems: SCADA DCS, PLC, HMI, and SIS,” and is a frequent speaker and trainer for all things industrial control systems security.

Back to TakeDownCon Rocket City 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast