Presentation Material

Abstract

This session is the result of a yearlong study of the most recent SCADA vulnerabilities that affected industrial control systems and critical infrastructure. The study includes root cause analysis, attack vector scrutiny, consequence of successful attack and finally remediation study for SCADA vulnerabilities in the past year. Attendees will get an insight into the factors that resulted in the nature, magnitude and timing of the harmful outcomes in order to identify what actions need to be taken to prevent recurrence of similar harmful outcomes. The presentation will study different attack vectors and payloads by which a malicious entity can gain access or completely compromise critical infrastructure or industrial control systems. It will also study in detail the immediate consequences of a successful attack and the repercussions that it can have on SCADA network and organization. The presenter will discuss many real life vulnerability case studies as well as present aggregate results for all vulnerabilities included in the study. Based on this aggregation the presenter will offer strategies, policies and best practices for attack mitigation which can be used by attendees in their day-to-day field of work. The presentation will conclude with guidance on how these best practices can be leveraged by control system owners to get to an acceptable security. Attendees who are in charge of control system infrastructure will get insight on vulnerabilities that affected their systems. Engineers who are in-charge of security for control systems will get a better technical insight of attacks. Attendees who are new to control systems will get an excellent overview of security complexities of control systems.