SCADA StrangeLove: Too Smart Grid in da Cloud

Presented at 31C3 (2014), Dec. 27, 2014, 2 p.m. (60 minutes).

For two years SCADA StrangeLove speaks about Industrial Control Systems and nuclear plants. This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology. We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence.​ Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security. We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common and why one should not develop brand new web server. Specially for the specialists on the other side of the fences, we will show by example of one industry the link between information security and industrial safety and will also demonstrate how a root access gained in a few minutes can bring to nought all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence.​

Presenters:

  • Sergey Gordeychik
    Sergey Gordeychik, security expert, Director and Scriptwriter of the Positive Hack Days (www.phdays.com) forum, captain of SCADAStrangeLove.org (www.scadasl.org) project. Sergey Gordeychik is the Director and Scriptwriter of the Positive Hack Days forum, captain of SCADAStrangeLove.org team and Web Application Security Consortium (WASC) contributor. Industrial cyber-disasters researcher and speaker at S4, CCC, POC, Kaspersky SAS, etc. The main areas of his work are the development of the enterprise security products in vulnerability & compliance management and application security niches, and guidance one of the largest Europe team of professional security researches. Sergey has developed a number of training courses, including "Wireless Networks Security" and "Analysis and Security Assessment of Web Applications", published several dozens of articles in various titles and a book called "Wireless Networks Security". MCSE (starting from NT 4.0), CISSP and MVP in Enterprise Security: R&D.
  • Aleksandr Timorin
    pentester and ics/scada security researcher. As a member of SCADAStrangeLove team I'm trying to make world safer. That's why industrial control systems, protocols, smartgrids and so on are my main interests. As well as a sharing our results with community.

Links:

Similar Presentations: