Practical Security Assessment of Smart Grids in Europe by...
TRANSCRIPT
Pra
www.scadasl.org
ICS/SCADA
Alexander Timorin, Alexander Tlyapov, Alexander Zaitsev, Alexey Osipov, Andrey Medov, Artem Chaykin, Denis Baranov, Dmitry Efanov, Dmitry Nagibin, Dmitry Serebryannikov, Dmitry Sklyarov, Evgeny Ermakov, Gleb Gritsai, Ilya Karpov, Ivan Poliyanchuk, Kirill Nesterov, Roman Ilin, Sergey Bobrov, Sergey Drozdov, Sergey Gordeychik, Sergey Scherbel, Timur Yunusov, Valentin Shilnenkov, Vladimir Kochetkov, Vyacheslav Egoshin, Yuri Goltsev, Yuriy Dyachenko
SCADA/PLC
*ICS Security in 2014, Evgeny Druzhinin, Ilya Karpov, Alexander Timorin, Gleb Gritsay, Sergey Gordeychik
http://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf
IPC
Google dorks
!!!!!
--snip--
Comment to PT-SOL-2014001: The upload path has been changed. It is still possible to upload files, but they can't overwrite system critical parts any more.
Comment to PT-SOL-2014002: The system backup is created in a randomly chosen path and deleted afterwards. Therefore an unauthorized access is made much more difficult and very unlikely.
Second comment to PT-SOL-2014002: In order to compensate the weak encryption in the configuration file, the whole configuration file is now encrypted via the new HTTP transmission.
--snip--
117.220 MW (1/22)
Sergey Gordeychik () - 10x SASNordex
CVE
990.390 MW
*Special Bushehr photo for scary ICS security slides*
ping 8 077 220 000 W
#SCADASOS
http://scadastrangelove.blogspot.com/2014/12/sos-secure-open-smartgrids.html
#SCADASOS 62
XZERES 442SR Wind Turbine CSRF
SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability
TCP/IP
IP
LTEA5/3 GEA 21282G()A5/1A5/0
4G
Karsten Nohl, CCC, Hamburg, Germany, 2014
(u)SIM (Kc, TIMSI)(A5/3)SIMSIM""PIN/PUKSIM
Alexander Zaitsev, Sergey Gordeychik, PacSec, Tokyo, Japan, 2014
3G
Alexey Osipov, Alexander Zaitsev, Black Hat USA 2015, Las Vegas
4GLinux/Android/BusyBox/VxWorksCWID USB SCSI CD-ROM USBMMC USB (MicroSD )COM(UI, AT)NDISWiFi
Kirill Nesterov, Timur Yunusov, HITBSec 2015, Amsterdam
First one to guess how to bypass BIOS secure boot gets l33t prize or free beer!
USB
Travis Goodspeed, Sergey Bratus, https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-You_wouldnt_share_a_syringe_Would_you_share_a_USB_port-Sergey_Bratus+Travis_Goodspeed.pdf
BADUSB
scadastrangelove.blogspot.com/2015/10/badusb-over-internet.html
SCADA
SCADA?
#CablemeltingBAD
33
http://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf
http://scadastrangelove.blogspot.com/2013/11/scada-security-deep-inside.html
IEC 61850 tools:
@PHDays
PHDays III Choo Choo Choo Pwn / PHDays IV Critical Infrastructure Attack
http://bit.ly/1t8poTL
http://www.phdays.com/press/news/38171/
PHDays IV CIA
ICS/CVSS()
Schneider Electric Wonderware System Platform, InduSoft Web Studio 7.1.4, ClearSCADA, IGSS, MiCOM C264
Siemens Flexible, TIA Portal 13 Pro, WinCC, KTP 600, Simatic S7-1500 (1511-1 PN), S7-300 (314-2 DP + CP343), S7-1200 v3, S7-1200 v2.2
Rockwell Automation RSLogix 500, Allen-Bradley MicroLogix 1400 1766-L32BWAA
WellinTech KingSCADA, ICONICS Genesis64, ICP DAS PET-7067, Kepware KepServerEX (S7, DNP3), Honeywell Matrikon OPC (Modbus, DNP3)
PHDays IV CIA
Alisa Esage SE InduSoft Web Studio 7.1
Nikita Maximov & Pavel Markov - ICP DAS RTU
Dmitry Kazakov - Siemens Simatic S7-1200 PLC 210
https://www.youtube.com/watch?v=w8T-bbO3Qec
Digital Substation Takeover
SIPROTEC 4 DoS
5000/udp DoS
The Power of Japan
Japan energy stations map: megawatts and location
Ukishima solar power plant
Kagoshima solar power plant
Kagoshima plant diagram
SUNNY CENTRAL 500CP-JP
The 70-megawatt system in Kagoshima is a good example of how important it is to have the right service partner at your side - someone with broad experience, who can respond to unexpected events in a flexible manner.
http://www.sma.de/en/products/references/kagoshima.html
Kagoshima plant diagram
ICS Security in Japan
600+ SCADA/PLC on the Internet
ICS Security in Japan
PS
12
15012,500
SIL 4!
SIL 4?!
Safety Integrity Level ()(PFD)1(PFH)
SIL 4? 15root!
12
http://www.theguardian.com/world/2013/jul/25/spain-train-crash-travelling-so-fast
PPS
OT
:- ICS/SCADA--/- IoT-
SMSroot
Alexander @arbitrarycode Zaitsev, Alexey @GiftsUngiven Osipov, Kirill @k_v_nesterov Nesterov, Dmitry @_Dmit Sklyarov, Timur @a66at Yunusov, Gleb @repdet Gritsai, Dmitry Kurbatov, Sergey Puzankov, Pavel Novikov
*All pictures are taken from Dr StrangeLove movie and other Internets
Scadasl.org
SCADA STRANGELOVE
ATM
*All pictures are taken from google and other Internets