Education Level: Basic
When hearing the buzzword “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. We haven’t thought of these new types of devices as miniature computers that need the same care in deployment, management and protection as our servers, computers and mobile phones. The mainstream security industry has been asleep at the wheel and largely overlooked one of the world’s most vital technology sectors: embedded, automation and control systems. This is a huge blind spot. Embedded devices, such as ICS and SCADA systems, are the low-hanging fruit for potential attackers: They are abundant, easy to compromise, connected to high-value networks and detection often only happens after the fact.
In this talk we will share real-world vulnerabilities in industrial control environments and discuss why these insecure design patterns exist, including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting. Attendees will get an inside view into how attackers operate and walk away knowing what to look for when future-proofing our industrial control systems.