Explore an in-depth analysis of Industrial Control Systems (ICS) and SCADA software vulnerabilities in this 41-minute conference talk. Delve into the findings of a 100-day bug discovery project, examining various components and real-world examples from brewery operations to security implementations. Learn about the importance of Human-Machine Interface (HMI) and control server software, techniques used for vulnerability discovery, and key observations from the research. Gain insights into silent installation risks, compare malware behaviors with ActiveX controls, and discover essential strategies to protect industrial assets. Acquire valuable knowledge about ICS security, complete with references for further exploration.
Overview
Syllabus
Intro
TERRY MCCORKLE @OPSYS
ICS COMPONENTS
EXAMPLE (BREWERY)
EXAMPLE (OUTSIDE PLANT)
EXAMPLE (SECURITY)
WHY HMI/ CONTROL SERVER SOFTWARE
FINDING GOLD
VENDORS
TECHNIQUES USED
OVERVIEW OF RESULTS
OBSERVATION
STORY TIME
DOWNLOAD AND SILENT INSTALL
COMPARISON OF MALWARE AND THIS ACTIVEX CONTROL
LEFTOVERS
PROTECT YOUR ASSETS
REFERENCES
