Over the course of hundreds of plant evaluations, vulnerability tests, penetration tests, and other security projects, questions often get raised about what vulnerabilities for ICS really mean. As vulnerabilities reported in ICS gain increased attention and awareness, some have been eager to try out their hand at attacking industrial processes, or have attempted to raise awareness under what ultimately proves to be false flag conditions when the “threat” is rather quickly discounted due to mitigating factors – such as hardwired controls like a tank level switch that would prevent an overflow from occurring, despite taking control of an individual controller. Moving beyond device vulnerabilities into high impact damages on control systems requires not only IT security skills, but also engineering skills and knowledge of control systems. All three together represent a critical danger to safe and efficient operations. This talk will focus on attack modes for ICS involving gaining access to the system, exploiting vulnerabilities, but most importantly when common hacking techniques must yield to engineering skills in order to further the impact to the system beyond causing nuisance trips. Discussion of common industrial processes and how to both gain access to the system and how to effectively bypass machine protective systems will be included in this talk.

Bio: Mr. Singer is a principal consultant with Kenexis Security Corporation. He has over 18 years experience in information technology security including 12 years specializing in industrial automation and control systems security. He is experienced in OSINT, counter-terrorism, forensics, penetration testing, vulnerability research, and cyber security assessments for over 3000 industrial processes worldwide. He is the founding and past chairman of ISA-99/62443, current director elect of the ISA Safety and Security Division, co-author of “Cybersecurity for Industrial Control Systems: SCADA DCS, PLC, HMI, and SIS,” and is a frequent speaker and trainer for all things industrial control systems security.

Back to TakeDownCon Rocket City 2014 video list