Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Why is SCADA Security an Uphill Battle

OWASP Foundation via YouTube

Overview

Explore the technical security challenges faced by organizations with SCADA, critical infrastructure, or control systems installations in this 47-minute conference talk. Dive into the intricacies of SCADA systems, including RTU, IED, PLC, FEP, PCS, DCS, HMI, sensors, and data historians. Categorize these components into distinct groups based on functionality and examine their security implications. Study SCADA protocols at the packet level and understand their vulnerabilities. Learn about potential attacks against each group and component, and discover an updated open-source tool for identifying and inventorying SCADA systems. Gain insights from real-world examples of successful and unsuccessful security control implementations in SCADA systems. Receive guidance on implementing additional measures to achieve acceptable security for control system owners. Whether you're responsible for control system infrastructure, an engineer in charge of security, or new to control systems, acquire valuable knowledge about the security complexities of these critical systems.

Syllabus

Intro
Agenda
2009 - 2013 SCADA Vulnerabilities
Components
Acquisition Convert parameters like light, temperature, pressure or flow to analog signals
Conversion
Presentation & Control
2013 Vulnerabilities by category
Emerson ROC800 Vulnerabilities
Siemens CP 1604 / 1616 Interface Card Vulnerability
Communication
ModBus Vulnerabilities
DNP Vulnerabilities
Security Analysis of SCADA protocols
SSH, FTP, TFTP, IGMP, SNMP
Real world issues
System Wide Challenges
Proposals
Scada Scan

Taught by

OWASP Foundation

Reviews

Start your review of Why is SCADA Security an Uphill Battle

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.