Larson, Jason; “Breakage - SCADA Security” Blackhat DC 2008, Washington, DC February 21, 2008
It’s not often that an attacker has the opportunity to actually break things; and while breaking software is fun, breaking hardware can be even more rewarding. Process control systems are where the physical hardware of the real world meets the software we all know and love.
One of the great unknowns of the process control world is how many physical valves, pumps, and breakers can be damaged by a remote attacker who has gained access to the control systems. Reinstalling a computer or restarting an embedded device isn’t fun, but cutting out a valve and replacing it is even less fun. For example CNN carried an article explaining how a several-ton electric generator was made to jump off the floor and permanently damage itself.
In this presentation, smaller and more common components will be connected and tested to failure as they normally appear in the field. We will discuss classes of hardware failure as well as how much control and knowledge of the process is required to drive the hardware component to the point of failure.
Why we like it: Jason looks beyond the pure cyber security question and discusses what a motivated attacker could actually learn about the dynamics of a process and how the attacker could use that information destructively. We just wish he hadn't posted it on the open web, but now that is there you might as well read it. [See the Presentation]
E.J. Byres and M Franz; “Uncovering Cyber Flaws” InTech Magazine, Instrumentation, Systems and Automation Society, Research Triangle Park, NC, p.21 -25 , Jan 2006
To ensure the safety and security of the process, company, and staff, find the vulnerabilities and break a negative chain of events... [Read More]
Byres Security Inc. and Byres Research
P.O. Box 178
Lantzville BC V0R 2H0
Phone: 250-390-1333
Fax: 250-390-1359
Email: info@ByresSecurity.com
