SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas

Presented at DEF CON 19 (2011), Aug. 7, 2011, 5 p.m. (50 minutes)

On Christmas Eve, a call was made from a prison warden: all of the cells on death row popped open. Many prisons and jails use SCADA systems with PLCs to open and close doors. Not sure why or if it would happen, the warden called physical security design engineer, John Strauchs, to investigate. As a result of their Stuxnet research, Rad and Newman have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to "open" or "locked closed" on cell doors and gates. Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, this talk will evaluate and demo SCADA systems and PLC vulnerabilities in correctional and government secured facilities while recommending solutions.

Presenters:

  • Dora The SCADA Explorer - Exploit Writer
    Dora The SCADA Explorer: Exploit writer.
  • Teague Newman - Information Security Professional/Pen Tester
    Teague Newman is an independent information security consultant based in the Washington, D.C. area with extensive penetration testing experience. In 2009, he competed in the Netwars segment of the US Cyber Challenge and ranked within the Top 10 in the US in all rounds in which he participated. He is also an instructor for Core Security Technologies and has instructed professionals on the topics of information security and penetration testing at places like NASA, DHS, US Army, US Marine Corps (Red Team), DOE, various nuclear facilities as well as for large corporate enterprises. His projects include GPU-based password auditing and liquid nitrogen overclocking.
  • Tiffany Rad - President of ELCnetworks, LLC
    Tiffany Strauchs Rad, BS, MBA, JD, is the President of ELCnetworks, LLC., a technology development, law and business consulting firm with offices in Portland, Maine and Washington, D.C. Her consulting projects have included business and technology development for start-ups and security consulting for U.S. government agencies. She is also a part-time Adjunct Professor in the computer science department at the University of Southern Maine teaching computer law, ethics and information security. Her academic background includes studies at Carnegie Mellon University, Oxford University, and Tsinghua University (Beijing, China). She has presented at Black Hat USA, Black Hat Abu Dhabi, Defcon 17 & 18, SecTor, Hackers on Planet Earth, Chaos Communication Congress and regional information security conferences. Tiffany also researches car computers and is fond of virus research (both biological and digital). Twitter: @TiffanyRad Facebook: facebook.com/TiffanyRad
  • John J. Strauchs - President of Strauchs LLC
    John J. Strauchs, M.A., C.P.P., conducted the security engineering or consulting for more than 114 justice design (police, courts, and corrections) projects in his career, which included 14 federal prisons, 23 state prisons, and 27 city or county jails. He owned and operated a professional engineering firm, Systech Group, Inc., for 23 years and is President of Strauchs, LLC. He was an equity principal in charge of security engineering for Gage-Babcock & Associates and an operations officer with the U.S. Central Intelligence Agency (CIA). His company and work was an inspiration for the 1993 movie, "Sneakers" for which he was the Technical Advisor. He was a presenter at Hackers On Planet Earth (HOPE) in 2008 and DojoCon in 2010 and is a consultant for Recursion Ventures.
  • Panel

Links: