BSidesSLC 2017: If System = ICS, Then Pwn4g3

Here’s the schedule for this year. Registering here does not count. You MUST register to attend any of these. You may register here: https://www.bsidesslc.org/registration.html

You cannot manually add workshops to your schedule. You need to go register for them at https://www.bsidesslc.org/signup.html, and then the workshp will be added to your schedule.

View analytic

If System = ICS, Then Pwn4g3 > Root

Feedback form is now closed.

Got root? Great. Got physics? No? Defender wins.

Total pwn4g3 of an Industrial Control System (ICS) requires more than rooting a system. Successful attacks require 2 payloads, one to control the technology and one to control the process.

ICS attacks are therefore more complex attack strategies, different tool kits, and more time to implement. They also lead to more mistakes. (Hacker foo and practical physics rarely play well together the first time they meet!)

What happens when mistakes are made during an ICS attack? *Physical changes to closely monitored processes
*Repeated errors interrupting normal automation operations
*An unusual occurrence of defensive advantage

Let's talk about how ICS attacks are planned, common signs attackers are developing the physics payload, and how to defend the process.

Speakers

Bri Rolston

Bri Rolston is the ICS Security Lead for Monsanto Corporation where she works with the supply chain, OT, and ICS teams. She still works occasionally as a Critical Infrastructure Security Researcher for the Idaho National Laboratory (INL). Her work requires lots of caffeine, research, data mongering, and quality geek time. | | In past lives, she has been a cyber security researcher, threat manager, security architect, incident... Read More →

Thursday March 9, 2017 4:30pm - 5:30pm
Track 2 Salt Palace Convention Center

Track 2

BSidesSLC 2017

Bri Rolston

Attendees (13)

Twitter Feed