BlackHat Europe 2010: SCADA and ICS for Security Experts
•
11 gostaram•1,304 visualizações
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES!!! And because they don't know what the hell they're talking about - 'fake it till ya make it' doesn't work - they're making all of us look stupid. Let's sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: "I'm not an expert at everything, I can help some, may we work together on a solution?" It's time to stop being a Cyber Idiot and start being a positive contributor. Learn some truth, look behind the curtain, bust some FUD, Oh - and make government agents have kittens. That's fun for everyone.
Recomendados
Recomendados
Mais conteúdo relacionado
Destaque
Destaque (11)
Semelhante a BlackHat Europe 2010: SCADA and ICS for Security Experts
Semelhante a BlackHat Europe 2010: SCADA and ICS for Security Experts (20)
Mais de James Arlen
Mais de James Arlen (9)
Último
Último (20)
BlackHat Europe 2010: SCADA and ICS for Security Experts
- 1. SCADA and ICS for Security Experts: How to Avoid Being a Cyber Idiot James Arlen, CISA Black Hat Europe - Barcelona - 2010 1
- 2. Disclaimer I am employed in the Infosec industry, but not authorized to speak on behalf of my employer or clients. Everything I say can be blamed on great food, mind-control and jet lag. 2
- 3. Credentials 15+ years information security specialist staff operations, consultant, auditor, researcher utilities vertical (grid operations, generation, distribution) financial vertical (banks, trust companies, trading) ...still not an expert at anything. 3
- 4. 1/ Stop Sounding Stupid 4
- 5. Scada got sexy 5
- 6. Follow the money 6
- 7. Who's an expert now? 7
- 10. Gotta get me a piece of that 10
- 11. 2/ Big Things and Little Things 11
- 12. Not all ‘scada’ is SCADA 12
- 13. Big things: power grid 13
- 14. Big things: pipeline 14
- 17. Supervisory control and data acquisition 17
- 28. Industrial control systems/ Distributed control systems 28
- 29. 3/ Part of a Bigger Picture 29
- 30. So if you break the computer, you break everything 30
- 31. What happens when Edna falls into the reactant vessel 31
- 32. This is the data 32
- 33. This is the data 33
- 34. This is the process 34
- 35. This is the process 35
- 36. This is the process 36
- 37. I know you can grok the protocol, can you break the controls? 37
- 38. I know you can grok the protocol, can you break the controls? 38
- 39. Oh, you forgot about safety 39
- 40. Oh, you forgot about safety 40
- 41. Oh, you forgot about testing 41
- 42. Oh, you forgot about testing 42
- 43. Oh, you forgot about people 43
- 44. Oh, you forgot about people 44
- 45. What if it really is SCADA? 45
- 46. Stuff breaks 46
- 47. All the &*^$ing time 47
- 48. And it gets fixed 48
- 49. And it gets fixed 49
- 50. And you never noticed 50
- 51. And you never noticed 51
- 52. And you never noticed 52
- 53. And you never noticed 53
- 54. 4/ Practical Positive Things 54
- 56. You can help 56
- 57. They need you 57
- 58. You need to suck it up 58
- 59. It's time to learn before teaching 59
- 60. It's time to learn before teaching 60
- 61. 5/ You Wouldn't Believe Me If I Told You 61
- 63. Your prima donna attitude is against you 63
- 64. Your age is against you 64
- 65. It's time to start hacking 65
- 66. First you hack the org 66
- 67. Then you own their asses 67
- 68. Then you own their asses 68
- 69. 6/ Movies Would Have You Believe 69
- 80. What an afternoon at the console really feels like 80
- 81. What an afternoon at the console really feels like 81
- 82. What an afternoon at the console really feels like 82
- 83. 7/ The Media Hypes It As If... 83
- 89. A 14yo in Mom's basement 89
- 90. A 14yo in Mom's basement 90
- 91. A 14yo in Mom's basement 91
- 95. Killer Tubes 95
- 96. 8/ Bad Shit That Actually Happened 96
- 97. Not necessarily public news. 97
- 98. 9/ What Could Have Saved It 98
- 100. Superheroes, Ninjas and Pirates 100
- 101. Superheroes, Ninjas and Pirates 101
- 102. Following Instructions 102
- 103. Or, not sucking at implementation 103
- 104. Or, doing what you're told 104
- 105. Or, stuff that has nothing at all to do with computers 105
- 106. 10/ What You Can Do - Little Picture 106
- 107. Learn 107
- 108. Stop listening to "experts" 108
- 109. Modest changes, massive results 109
- 110. 11/ What You Can Do - Big Picture 110
- 111. Stop feeding the trolls 111
- 112. Avoid being ‘that person’ 112
- 113. Press for sane acquisitions 113
- 114. Study past success 114
- 115. Study past success 115
- 116. Q & A @myrcurial james.arlen@pushthestack.com 116
- 117. Credits, Links and Notices http://jamesarlen.net and Me: http://www.linkedin.com/in/jamesarlen and sometimes http://liquidmatrix.org/blog All of you, My Family, Friends, Jeff Moss (for demanding this talk) and the rest of the Black Hat Europe Team. Thanks: Mentors/Luminaries: D. Anderson, M. Fabro, J. Brodsky, R. Southworth, M. Sachs, C. Jager, B. Radvanovsky and J. Weiss (all from whom I borrowed material) twitter, fast music, caffeine, my lovely wife Inspiration: and hackerish children, blinky lights, shiny things, & altruism. http://creativecommons.org/licenses/by-nc-sa/2.5/ca/ 117