Industrial Cyber Security

DEF CON 18

Presented by: Paul Malkewicz, J. Novak, Wade Polk
Date: Saturday July 31, 2010
Time: 20:00 - 20:50
Location: Royale 1
Track: Track 2

Industrial control systems are flexible constructs that result in increased efficiency and profitability, but this comes at the cost of vulnerability. In past years, industrial cyber security has been mostly ignored due to cost, lack of understanding, and a low incidence rate. More and more these systems rely on commercial, off the shelf software which increases the ease and likelihood of an attack. Today, we face growing threats from individuals, foreign governments and competing companies. The risks have increased by orders of magnitude.

This presentation will provide an overview of control components common to the power industry, common vulnerabilities, the current situation with industry’s cyber infrastructure as well as worst case scenarios. A short overview of standards & governances will follow along with suggestions to achieve compliance with overlapping governances. The final phase of the presentation will provide the audience with a case study regarding the security flaws of a programmable logic controller, a common control component, and just how devastating an attack on industrial machinery can be. This will be demonstrated on the physical hardware by simulation of common systems run by this device. After the presentation, a breakout session will occur where the audience will have the opportunity to attempt to compromise the control network.

Wade Polk

Wade Polk is a controls engineer in mining and power generation. Specialties include cyber security, NERC compliance, DB development, pollution monitoring/reduction systems, control room designs, fire protection systems, instrument requisitions, logic design and control system design. Additional experience includes robotics, MIDI development, RF design, IC design, processor design. - B.S., Electrical Engineering, 2006 - B.S., Computer Engineering, 2006

Paul Malkewicz

Paul Malkewicz has over five years of experience, including two years with WorleyParsons, in the design and implementation of control systems and data acquisition systems. Responsible for the design and development of automated integration systems. As an Instrumentation and Controls (I&C) Engineer, proficient in analysis and design tasks including specifying, integrating, and commissioning distributed control systems (DCS) for power plants. Project engineering experience includes defining instruments for mechanical equipment, defining instrument specifications, and creating system descriptions for control system logic development. Experience creating loop and control wiring diagrams for installation and maintenance of instruments and equipment. - B.S., Computer Engineering, University of Illinois, Champaign/Urbana, 2004 - Member, ISA, 2010-Present

J. Novak

J. Novak is a controls engineer in mining and power generation. Worked in Mining and power generation industry for 3 Years. Worked as a PLC programmer for period of 2 years. - A.S., Electrical Engineering - B.S., Electrical Engineering


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats