THE LAST GASP OF THE INDUSTRIAL AIR-GAP...

Industrial systems are widely believed to be air-gapped. At previous Black Hat conferences, people have demonstrated individual utilities' control systems directly connected to the internet. However, this is not an isolated incident of failure, but rather a disturbing trend. By visualising results from SHODAN over a 2 1/2 year period, we can see that there are thousands of exposed systems around the world. By applying geolocation, and matching vulnerability patterns against service banners, we can see their rough physical location and the numbers of standard vulnerabilities they are exposed to.

This allows us to look at some statistics about the industrial system security posture of whole nations and regions. During the process of this project I worked with ICS-CERT to inform asset owners of their exposure and other CERT teams around the world. The project has reached out to 63 countries, and sparked discussion of the convergence of many insecure protocols and devices towards the public internet. The original dissertation can be found here:

http://www.cl.cam.ac.uk/~fms27/papers/2011-Leverett-industrial.pdf

and a bit of previous press here:

http://www.wired.com/threatlevel/2012/01/10000-control-systems-online/
