![Page 1: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/1.jpg)
CONTROL SYSTEMSAND CYBER SECURITY
2600 MEETING JUNE 6,2014M I C H A E L T O E C K E R
Mikhail Turcher, big fanci pantsie
![Page 2: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/2.jpg)
CYBER
SECURITY OVERVIEW
M O D U L E 1
Ooooh… Cybah Cybah Cybah Overfuncher!
![Page 3: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/3.jpg)
BASICSControl Systems are computing systems that monitor and
control physical processes
We’re talking powerplants, locomotives, water treatment, building operations, and stuff like that
Uses things called Programmable Logic Controllers, Remote Terminal Units take in signals from things like pumps, valves, motors, etc
Basi….. Sknnnnzzzz….
![Page 4: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/4.jpg)
Electro-Mechanical Logic
Pneumatic Logic
Programmable Logic
Distributed ControlSystem
Evolution of Control Systems
Dis presentation needs more goats
![Page 5: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/5.jpg)
HUMAN INTERACTIONTHEN AND NOW
Buttons, Levers, Paper Trend Plotters, Annunciators, all linked to Relays and Actuators through
Electronic or Pneumatic Communications utilizing
Relay/Ladder Logic
Computer Systems and Displays, linked to Digital
Process Controllers through High Speed Ethernet Based
networks utilizing Field Programmable Gate Array and
Function Block Logic
I tells him to Pressy the butensies!! Press them!!! He does not.
![Page 6: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/6.jpg)
CYBER SECURITYThe problem is, use of normal IT stuff has
caused Control Systems to inherit the same vulnerabilities of those IT systems…
Ever been hacked? How did that affect your computer? Other computers you own?
Imagine being the computer that runs the Chemical Plant down the road.
I be doin the hackring.. Hackring and slashring in Skyrim… MY KNEE!!
![Page 7: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/7.jpg)
BUT….
Computation evolved into Networked systems
Prioritized the fast, efficient, and easy sharing of data
Control Systems and Information Systems were easily connected together, up to and including the Internet
Vulnerabilities in these Systems allows Malicious Individuals to Access and Disrupt operations
Coding Practices assumed good behavior, but did not enforce it.
Networked Systems allowed access from remote locations, or over the Internet
The I
ntroducti
on of
Computers a
lso Brou
ght the
Vulnerabilit
y of t
he Infor
mation
Age
Heh. Goatsies.
![Page 8: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/8.jpg)
WE APOLO
GIZE FOR TH
E
FAULT IN TH
E SUBTITLES..
T H O S E RE S P O N S I B
L E HAV E B
E E N SA C K E D
![Page 9: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/9.jpg)
NOTABLE CYBER
EVEN
TS
Government Developed Computer Virus
Designed to disrupt the Iranian nuclear enrichment process at Natanz
Three Modes of Operation Windows Based, designed to infect
Windows systems Siemens Simatic, designed to subvert
communications between the PLC and Simatic Applications
Siemens S7 PLC Based, designed to run equipment outside of operating envelope, and conceal operating parameters from operators.
Stuxnet
is the P
rime E
xample
of a C
yber
Securit
y issu
e
affec
ting Con
trol S
ystem
s
![Page 10: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/10.jpg)
TARGETED IRAN’S NATANZENRICHMENT FACILITY
Control Systems
Mahmoud Ahmadinejad
![Page 11: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/11.jpg)
INFECTED PLCS BROKE CENTRIFUGES
This Runs These
Also Mahmoud Ahmadinejad
![Page 12: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/12.jpg)
STUXNET’S GOALReduce the capability of the Iranian Government to produce
Nuclear materials It Damaged Systems It reduced quality of the product Destroyed Centrifuges
Hid itself from the operatorsPersonally, I have great sympathy for the Iranian Engineers…. I’d hate to have to go to my boss, repeatedly, and tell him my system
was f*cked up, not matter what I was doing to fix it.
This is Enriched Uranium
![Page 13: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/13.jpg)
DANCING MONKEYS….
Super Secret Easter Egg in Siemens PLCs, Used at Natanz
found
by Dillon Beresford
![Page 15: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/15.jpg)
DIGITAL BOND’S PROJECT BASECAMP
Intended to focus attention on vulnerabilities in control system devices, to get vendors to change how insecure their devices actually were.
Full Disclosure: I work for Digital Bond
![Page 16: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/16.jpg)
THREATPOST, 2011
Hacker pr0f gained access to, and posted pictures of the South Houston water Treatment plant.
![Page 17: Control Systems And Cyber Security 2600 Meeting June 6,2014](https://reader035.vdocuments.site/reader035/viewer/2022070422/568165a3550346895dd88348/html5/thumbnails/17.jpg)
CONCLUSIONS Control Systems run Industrial StuffThey use normal IT componentsThey don’t spend much time on security, if anyGovernments have used control systems to do bad things to
other governmentsYou can find these things on the Internet…. Bad guys can exploit this stuff over the internet.