What the Hell is ICS Security?

What the Hell is ICS Security?

Note: When I found this and saw that the CFP closes in two days, I made a submission at work. It was not "detailed," as I was at work and didn't have much time to spend on it. This is a more detailed description of the same proposal.

  • Introduction - How I ended up involved in ICS security

  • What are Industrial Control Systems?

  • Different Acronyms - DCS, ICS, EMS, etc.

  • SCADA and Me - Comic for "children and managers"

  • Why should you be interested in ICS?

  • Critical Infrastructure
  • Ukraine attack - first confirmed attack on power grid
  • Other recent "cyber attacks" - Turkey, Ukraine again, Vermont (none of these confirmed, some of them demonstrably not "cyber attacks")

  • "Cyber is the new squirrel" - It gets blamed for every power outage

  • What protocols are we talking about?

  • DNP3, Modbus, ICCP

  • There's more, these are the ones I'm most familiar with from the electric industry.

  • CIA Triad

  • Confidentiality, Integrity, Availability - classic from IT security

  • ICS thinks about Availability 90%, Integrity 9%, and Confidentiality 1% (if that)

  • "Insecure by Design"

  • Lack of authentication in pretty much every protocol

  • Why do electrical engineers dislike us security people?

  • Applies to other engineers - chem, etc.
  • Too much FUD
  • Don't understand their concerns (CIA triad again)

  • Ego - Hackers can be pompous assholes (nobody in this Room, I'm sure)

  • Transition - So how do you get involved in ICS security?

  • Free Tools

  • Wireshark

  • Shodan

  • Free CTFs

  • SANS ICS Security Challenge
  • Cybati CTF

  • How are these different than "traditional" CTFs?

  • Free Training

  • Cybati (again)

  • DHS stuff - Highlighted by Idaho National Lab's Red Team/Blue Team exercise

  • Other Training/Events

  • SANS ICS Summit - in Orlando, so close by
  • S4 - in Miami, again close by

  • 4SICS - Sweden (Not close by, not even a little)

  • Most Important - Relationships

  • Donuts - Engineers will show up if you offer them donuts
  • Reach out to people - it's a very welcoming community
    • Some examples of people - (Chris Sistrunk, Robert M. Lee, Jack Whitsitt, etc.)
    • I came into this industry as a noob, and even "big names" were very approachable

Presented by