Overview
Explore the technical security challenges faced by organizations with SCADA, critical infrastructure, or control systems installations in this 47-minute conference talk. Dive into the intricacies of SCADA systems, including RTU, IED, PLC, FEP, PCS, DCS, HMI, sensors, and data historians. Categorize these components into distinct groups based on functionality and examine their security implications. Study SCADA protocols at the packet level and understand their vulnerabilities. Learn about potential attacks against each group and component, and discover an updated open-source tool for identifying and inventorying SCADA systems. Gain insights from real-world examples of successful and unsuccessful security control implementations in SCADA systems. Receive guidance on implementing additional measures to achieve acceptable security for control system owners. Whether you're responsible for control system infrastructure, an engineer in charge of security, or new to control systems, acquire valuable knowledge about the security complexities of these critical systems.
Syllabus
Intro
Agenda
2009 - 2013 SCADA Vulnerabilities
Components
Acquisition Convert parameters like light, temperature, pressure or flow to analog signals
Conversion
Presentation & Control
2013 Vulnerabilities by category
Emerson ROC800 Vulnerabilities
Siemens CP 1604 / 1616 Interface Card Vulnerability
Communication
ModBus Vulnerabilities
DNP Vulnerabilities
Security Analysis of SCADA protocols
SSH, FTP, TFTP, IGMP, SNMP
Real world issues
System Wide Challenges
Proposals
Scada Scan
Taught by
OWASP Foundation