Industrial control systems are flexible constructs that result in increased efficiency and profitability, but this comes at the cost of vulnerability. In past years, industrial cyber security has been mostly ignored due to cost, lack of understanding, and a low incidence rate. More and more, these systems rely on commercial off-the-shelf software, which increases the ease and likelihood of an attack. Today, we face growing threats from individuals, foreign governments and competing companies. The risks have increased by orders of magnitude.
This presentation will provide an overview of control components common to the power industry, common vulnerabilities, the current situation with industry’s cyber infrastructure, and worst-case scenarios. A short overview of standards & governances will follow, along with suggestions to achieve compliance with overlapping governances. The final phase of the presentation will provide the audience with a case study regarding the security flaws of a programmable logic controller, a common control component, and just how devastating an attack on industrial machinery can be. This will be demonstrated on the physical hardware by simulation of common systems run by this device. After the presentation, a breakout session will occur where the audience will have the opportunity to attempt to compromise the control network.