Overview
Explore the world of remote physical damage attacks in this Black Hat conference talk. Delve into the concept of "unexpected physics" in cyber-physical systems and learn about generic "bread and butter" attacks applicable across various scenarios. Discover how attackers can exploit common configurations of valves, pumps, and pipes to cause physical damage through purely cyber means. Examine the current state of security in process control networks and understand why defending against network intrusions alone is insufficient. Gain insights into various attack techniques, including pressure transients, water hammer heating, gravity hammer steam veld collapse, and three-phase attacks. Consider the importance of implementing physical controls to mitigate attacker effectiveness even after code execution is achieved. Use this presentation as a starting point for discussions on improving security measures in industrial control systems beyond traditional network defenses.
Syllabus
Intro
Warning!!!
Stages of ICS Hacking
Process Specific Attack
What You Already Have
Place Shifting Chemical Reactions
Pressure Transients
Water Hammer Heating
Gravity Hammer Steam Veld Collapse
Check Valves
Level Boundary Slug
Biphase Slug with Piston Effect
Vacuum Collapse
Steam Collapse
Three-Phase Attacks
Newtonian Mechanics
Working Fluids
Questions
Taught by
Black Hat