1 / 17

Control Systems And Cyber Security 2600 Meeting June 6,2014

Control Systems And Cyber Security 2600 Meeting June 6,2014. Michael Toecker. Mikhail Turcher , big fanci pantsie. Cyber Security Overview. Module 1. Ooooh … Cybah Cybah Cybah Overfuncher !. Basics. Control Systems are computing systems that monitor and control physical processes

karik
Download Presentation

Control Systems And Cyber Security 2600 Meeting June 6,2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Control SystemsAnd Cyber Security2600 Meeting June 6,2014 Michael Toecker Mikhail Turcher, big fancipantsie

  2. Cyber Security Overview Module 1 Ooooh… CybahCybahCybahOverfuncher!

  3. Basics • Control Systems are computing systems that monitor and control physical processes • We’re talking powerplants, locomotives, water treatment, building operations, and stuff like that • Uses things called Programmable Logic Controllers, Remote Terminal Units take in signals from things like pumps, valves, motors, etc Basi….. Sknnnnzzzz….

  4. Evolution of Control Systems Distributed Control System Pneumatic Logic Programmable Logic Electro-Mechanical Logic Dis presentation needs more goats

  5. Computer Systems and Displays, linked to Digital Process Controllers through High Speed Ethernet Based networks utilizing Field Programmable Gate Array and Function Block Logic Human InteractionThen and Now Buttons, Levers, Paper Trend Plotters, Annunciators, all linked to Relays and Actuators through Electronic or Pneumatic Communications utilizing Relay/Ladder Logic I tells him to Pressy the butensies!! Press them!!! He does not.

  6. Cyber Security • The problem is, use of normal IT stuff has caused Control Systems to inherit the same vulnerabilities of those IT systems… • Ever been hacked? How did that affect your computer? Other computers you own? • Imagine being the computer that runs the Chemical Plant down the road. I be doin the hackring.. Hackring and slashring in Skyrim… MY KNEE!!

  7. But…. The Introduction of Computers also Brought the Vulnerability of the Information Age • Computation evolved into Networked systems • Prioritized the fast, efficient, and easy sharing of data • Control Systems and Information Systems were easily connected together, up to and including the Internet • Vulnerabilities in these Systems allows Malicious Individuals to Access and Disrupt operations • Coding Practices assumed good behavior, but did not enforce it. • Networked Systems allowed access from remote locations, or over the Internet Heh. Goatsies.

  8. We Apologize for the Fault in the Subtitles.. Those responsible have been sacked

  9. Notable Cyber Events Stuxnet is the Prime Example of a Cyber Security issue affecting Control Systems • Government Developed Computer Virus • Designed to disrupt the Iranian nuclear enrichment process at Natanz • Three Modes of Operation • Windows Based, designed to infect Windows systems • Siemens Simatic, designed to subvert communications between the PLC and Simatic Applications • Siemens S7 PLC Based, designed to run equipment outside of operating envelope, and conceal operating parameters from operators.

  10. Targeted Iran’s NatanzEnrichment Facility Mahmoud Ahmadinejad Control Systems

  11. Infected PLCs Broke Centrifuges Also Mahmoud Ahmadinejad This Runs These

  12. Stuxnet’s Goal • Reduce the capability of the Iranian Government to produce Nuclear materials • It Damaged Systems • It reduced quality of the product • Destroyed Centrifuges • Hid itself from the operators • Personally, I have great sympathy for the Iranian Engineers…. • I’d hate to have to go to my boss, repeatedly, and tell him my system was f*cked up, not matter what I was doing to fix it. This is Enriched Uranium

  13. Dancing monkeys…. Super Secret Easter Egg in Siemens PLCs, Used at Natanzfound by Dillon Beresford

  14. It Doesn’t Have to Be State Sponsored Though

  15. Digital Bond’s Project Basecamp Intended to focus attention on vulnerabilities in control system devices, to get vendors to change how insecure their devices actually were. Full Disclosure: I work for Digital Bond

  16. Threatpost, 2011 • Hacker pr0f gained access to, and posted pictures of the South Houston water Treatment plant.

  17. Conclusions • Control Systems run Industrial Stuff • They use normal IT components • They don’t spend much time on security, if any • Governments have used control systems to do bad things to other governments • You can find these things on the Internet • …. Bad guys can exploit this stuff over the internet.

More Related