Kaspersky SAS SCADA in the Cloud

Post on 16-Jul-2015


*All pictures are taken from Dr StrangeLove movie and other Internets

Sergey Gordeychik

- Group of security researchers focused on ICS/SCADA, to save Humanity from industrial disaster and to keep Purity Of Essence

Alexander Timorin Alexander Tlyapov Alexander Zaitsev Alexey Osipov Andrey Medov Artem Chaykin Denis Baranov Dmitry Efanov Dmitry Nagibin

Dmitry Serebryannikov Dmitry Sklyarov Evgeny Ermakov Gleb Gritsai Ilya Karpov Ivan Poliyanchuk Kirill Nesterov Roman Ilin Sergey Bobrov

Sergey Drozdov Sergey Gordeychik Sergey Scherbel Timur Yunusov Valentin Shilnenkov Vladimir Kochetkov Vyacheslav Egoshin Yuri Goltsev Yuriy Dyachenko

https://icsmap.shodan.io/

- Google dorks
- Configuration scripts
- FS structure
- etc.

--snip--

Comment to PT-SOL-2014001: The upload path has been changed. It is still possible to upload files, but they can't overwrite system critical parts any more.

Comment to PT-SOL-2014002: The system backup is created in a randomly chosen path and deleted afterwards. Therefore an unauthorized access is made much more difficult and very unlikely.

Second comment to PT-SOL-2014002: In order to compensate the weak encryption in the configuration file, the whole configuration file is now encrypted via the new HTTP transmission.

--snip--

To hack what? Grandmom’s reel 2 reel recorder?

*Special Bushehr photo for scary ICS security slides


http://scadastrangelove.blogspot.com/2014/12/sos-secure-open-smartgrids.html

As a side note, there is about a 3GW buffer in the European energy grids -- take 3GW off the net within a couple of seconds (or add them), and lights will go out. For quite a long while.

[Chart: values on a 0-250 axis by vendor (ABB, Advantech, Emerson, Honeywell, Other, Siemens, Schneider Electric); legend text: "Total Total Fix Vulns Fixed"]

- PHDays III Choo Choo Choo Pwn
  - Security assessment/Pentest
- PHDays IV Critical Infrastructure Attack
  - 0-day research

http://bit.ly/1t8poTL http://www.phdays.com/press/news/38171/

- Goals
  - 0-day research on ICS components
  - Make a disaster
  - 0-day/1-day, CVSS, complexity, exploit, practical impact (e.g. disaster)
    - Mom, I can spoof MODBUS tag = 0 ;)
- Targets
  - Schneider Electric
    - Wonderware System Platform, InduSoft Web Studio 7.1.4, ClearSCADA, IGSS, MiCOM C264
  - Siemens
    - Flexible, TIA Portal 13 Pro, WinCC, KTP 600, Simatic S7-1500 (1511-1 PN), S7-300 (314C-2 DP + CP343), S7-1200 v3, S7-1200 v2.2
  - Rockwell Automation
    - RSLogix 500, Allen-Bradley MicroLogix 1400 1766-L32BWAA
  - WellinTech KingSCADA, ICONICS Genesis64, ICP DAS PET-7067, Kepware KepServerEX (S7, DNP3), Honeywell Matrikon OPC (Modbus, DNP3), etc.
- Winners
  - Alisa Esage – SE InduSoft Web Studio 7.1
  - Nikita Maximov & Pavel Markov - ICP DAS RTU
  - Dmitry Kazakov - Siemens Simatic S7-1200 PLC
- 2 days – 10+ 0days
- Responsible disclosure: in progress
- Fixes?

Marina Krotofil, 31C3, Hamburg, Germany

Information Security

?

- Industrial security: directly affect industrial safety, can cause man-made disaster
- Economic efficiency: affect quantitative economic indicators of the processes, automated with ICS
- Other functional safety and reliability issues: affect qualitative or quantitative indicators of performance, reliability and security (SIL, MTBF, etc.)

a process that ensures control object operation with no dangerous failures or damage, but with a set economic efficiency and reliability level maintained in the light of adverse anthropogenic information influence

Yellow

Green

http://www.theguardian.com/world/2013/jul/25/spain-train-crash-travelling-so-fast

Safety Integrity Level | Probability of Failure on Demand (PFD) | Probability of Failure per Hour (PFH)

Yellow

Red

What is the mean time between failures (MTBF) for Windows-based HMI if the operator follows recommended patch management practice?

Modern Smart Grid:
- ICS/SCADA
- Mobile carrier
- Billing/Payment
- IoT
- Cloud

Alexander @arbitrarycode Zaitsev

Alexey @GiftsUngiven Osipov

Kirill @k_v_nesterov Nesterov

Dmitry @_Dmit Sklyarov

Timur @a66at Yunusov

Gleb @repdet Gritsai

Dmitry Kurbatov

Sergey Puzankov

Pavel Novikov


*All pictures are taken from google and other Internets
