Overview
Explore the world of Industrial Control System (ICS) security in this Black Hat USA 2013 conference talk. Delve into the findings of a robust ICS honeynet, uncovering the true nature of attacks on critical infrastructure devices. Learn about the profiles, intelligence, and identities of attackers who exploited the honeynet environment. Witness a live demonstration of attackers exfiltrating perceived sensitive data. Discover surprising and substantial findings that challenge common assumptions in the ICS community. Gain insights into geo-location techniques used to track attacker movements, operations, and attacks. Examine new statistics and attack details exclusive to this presentation. Understand the differences between ICS and IT security, explore typical ICS deployments, and learn about protocols like Modbus and DNP. Analyze vulnerability overviews, attack statistics, and the distinction between critical and non-critical attacks. Investigate tools and techniques used in ICS security, including Snort and decoy documents. Dive into the attribution framework and explore recommendations for improving ICS security, including USB lockdown measures.
Syllabus
Intro
Who Am I
Agenda
ICS Devices
Glossary
Typical ICS Deployment
Modbus
DNP
Big Threats
ICS vs IT Security
Pure Numbers
Internet-facing
Water Pump
Control Units
The Environment
What does the attacker see
New Architecture
Tools
Vulnerability Overview
What is an Attack
Attack Statistics
Non-Critical Attacks
Critical Attacks
Automated Attacks
Attacks
Snort
Decoy Doc
Dump Files
Execution
APT1 Report
Contact Information
Attribution Framework
Beef
The Targeted Attack
Attacker Profile
Recommendations
USB Lockdown
Questions
Question 1 Modbus
Taught by
Black Hat