Presented at
ShmooCon 2023,
Jan. 21, 2023, noon
(60 minutes).
While being obvious for Security professionals, everybody is slowly but surely understanding that securing the IT worlds isn’t sufficient. Thus, most companies are also applying their measure to other domains, like Operational Technology. One potentially even more specific area is the railway domain. From a Hacker’s perspective trains are big, loud, cool, and fun. Sadly, rail is a very closed world, with specific tech that we only rarely get to touch.
During the presentation I will lift some of the fog surrounding the area and give various insights into where rail is really special and where things simply are just the way we as Hacker’s would expect.
The talk will give an overview of the following topics:
* Parts & Components of the overall railway system
* Current developments and directions
* Insights into regulatory requirements
* The German approach, which should at least give some inspiration
* Processes and lifecycles
* Implications of being “special”
All in all the talk will give a bunch of inspiration for interested Hackers and researchers but also explain why caution is highly recommended.
Presenters:
-
Brian Butterly
After a few years of incident response in a very large and crazily diverse environment, Brian Butterly (@BadgeWizard) has changed back into a more offensive area. Focusing on operational technology and the railway sector, he’s applying his knowledge from past projects in the areas of embedded-, hardware-, mobile-, and telecommunications-security to ginormous vehicles driving at high speeds and everything surrounding them. While combining a closed environment and good old hacking spirit results in a fair amount of challenges, he’s doing his best to fuse both world together and carry on sharing fun insights.