Presentation is loading. Please wait.

Presentation is loading. Please wait.

CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.

Published byMavis Eaton Modified over 9 years ago

Similar presentations

Presentation on theme: "CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie."— Presentation transcript:

1 CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie

2 CYBER SECURITY OVERVIEW MODULE 1 Ooooh… Cybah Cybah Cybah Overfuncher!

3 BASICS Control Systems are computing systems that monitor and control physical processes We’re talking powerplants, locomotives, water treatment, building operations, and stuff like that Uses things called Programmable Logic Controllers, Remote Terminal Units take in signals from things like pumps, valves, motors, etc Basi….. Sknnnnzzzz….

4 Electro-Mechanical Logic Pneumatic Logic Programmable Logic Distributed Control System Evolution of Control Systems Dis presentation needs more goats

5 HUMAN INTERACTION THEN AND NOW Buttons, Levers, Paper Trend Plotters, Annunciators, all linked to Relays and Actuators through Electronic or Pneumatic Communications utilizing Relay/Ladder Logic Computer Systems and Displays, linked to Digital Process Controllers through High Speed Ethernet Based networks utilizing Field Programmable Gate Array and Function Block Logic I tells him to Pressy the butensies!! Press them!!! He does not.

6 CYBER SECURITY The problem is, use of normal IT stuff has caused Control Systems to inherit the same vulnerabilities of those IT systems… Ever been hacked? How did that affect your computer? Other computers you own? Imagine being the computer that runs the Chemical Plant down the road. I be doin the hackring.. Hackring and slashring in Skyrim… MY KNEE!!

7 BUT…. Computation evolved into Networked systems  Prioritized the fast, efficient, and easy sharing of data  Control Systems and Information Systems were easily connected together, up to and including the Internet Vulnerabilities in these Systems allows Malicious Individuals to Access and Disrupt operations  Coding Practices assumed good behavior, but did not enforce it.  Networked Systems allowed access from remote locations, or over the Internet The Introduction of Computers also Brought the Vulnerability of the Information Age Heh. Goatsies.

8 WE APOLOGIZE FOR THE FAULT IN THE SUBTITLES.. THOSE RESPONSIBLE HAVE BEEN SACKED

9 NOTABLE CYBER EVENTS Government Developed Computer Virus  Designed to disrupt the Iranian nuclear enrichment process at Natanz Three Modes of Operation  Windows Based, designed to infect Windows systems  Siemens Simatic, designed to subvert communications between the PLC and Simatic Applications  Siemens S7 PLC Based, designed to run equipment outside of operating envelope, and conceal operating parameters from operators. Stuxnet is the Prime Example of a Cyber Security issue affecting Control Systems

10 TARGETED IRAN’S NATANZ ENRICHMENT FACILITY Control Systems Mahmoud Ahmadinejad

11 INFECTED PLCS BROKE CENTRIFUGES This Runs These Also Mahmoud Ahmadinejad

12 STUXNET’S GOAL Reduce the capability of the Iranian Government to produce Nuclear materials  It Damaged Systems  It reduced quality of the product  Destroyed Centrifuges Hid itself from the operators Personally, I have great sympathy for the Iranian Engineers….  I’d hate to have to go to my boss, repeatedly, and tell him my system was f*cked up, not matter what I was doing to fix it. This is Enriched Uranium

13 DANCING MONKEYS…. Super Secret Easter Egg in Siemens PLCs, Used at Natanz found by Dillon Beresford

14 IT DOESN’T HAVE TO BE STATE SPONSORED THOUGH

15 DIGITAL BOND’S PROJECT BASECAMP Intended to focus attention on vulnerabilities in control system devices, to get vendors to change how insecure their devices actually were. Full Disclosure: I work for Digital Bond

16 THREATPOST, 2011 Hacker pr0f gained access to, and posted pictures of the South Houston water Treatment plant.

17 CONCLUSIONS Control Systems run Industrial Stuff They use normal IT components They don’t spend much time on security, if any Governments have used control systems to do bad things to other governments You can find these things on the Internet …. Bad guys can exploit this stuff over the internet.

18 QUESTIONS? Thanks, Mike

Download ppt "CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie."

Similar presentations

Michael Thow Cyber Security Engineering Supervisor

Michael Thow Cyber Security Engineering Supervisor
SCADA Security, DNS Phishing

SCADA Security, DNS Phishing
HYDRAULICS & PNEUMATICS

HYDRAULICS & PNEUMATICS
Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June 2009 512 KB in size First public knowledge July 2010 60% of infected.

Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June KB in size First public knowledge July % of infected.
Dr. HABEEB HATTAB HABEEB Dr. HABEEB HATTAB HABEEB Office: BN-Block, Level-3, Room-088 Ext. No.: 7292 UNITEN.

Dr. HABEEB HATTAB HABEEB Dr. HABEEB HATTAB HABEEB Office: BN-Block, Level-3, Room Ext. No.: 7292 UNITEN.
LET’S TALK BACNET SCADASIDES LAST MINUTE CHANGE MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.

LET’S TALK BACNET SCADASIDES LAST MINUTE CHANGE MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.
HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.

HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.
Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”

Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”
DuWayne Aikins Information Security Forum May 21, 2015 Cyber, A Militarized Domain: What is Means to Texas.

DuWayne Aikins Information Security Forum May 21, 2015 Cyber, A Militarized Domain: What is Means to Texas.
Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.

Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.
SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.
Distributed Control Systems Emad Ali Chemical Engineering Department King SAUD University.

Distributed Control Systems Emad Ali Chemical Engineering Department King SAUD University.
CHE 185 – PROCESS CONTROL AND DYNAMICS DCS AND PLC FUNDAMENTALS.

CHE 185 – PROCESS CONTROL AND DYNAMICS DCS AND PLC FUNDAMENTALS.
PLC: Programmable Logical Controller

PLC: Programmable Logical Controller
Autonomic Security Management of Industrial Systems Sherif Abdelwahed Electrical and Computer Engineering Mississippi State University.

Autonomic Security Management of Industrial Systems Sherif Abdelwahed Electrical and Computer Engineering Mississippi State University.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.

STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
SCADA and Telemetry Presented By:.

SCADA and Telemetry Presented By:.
How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.

How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.

Similar presentations

Ads by Google