Project Shine

The Unsolicited Response Podcast occurs whenever events warrant. Late last week I recorded an interview with Bob Radvanovsky who is the owner of SCADASEC and one of the leaders of Project Shodan Intelligence Extraction (Project Shine).

Project Shine has found over 500,000 Internet accessible devices that can be loosely classified as SCADA, DCS or other control system devices. We covered a lot of ground from the motivation of the project, project team, how they identify devices, how they create search terms, what this data means and what they are going to do with the data.

The part I found most interesting was Project Shine’s interaction with DHS. DHS took the 500,000 devices and pulled out 100,000 that fit their criteria as ICS devices and then further used some methodology to reduce this down to 20,000 devices. Bob and the Project Shine team don’t plan on handing the data over to PACS-WG or other efforts outside of DHS due to their perceived privacy of this information.

Related Links:

SCADASEC Mailing List


Related ICS-CERT Alert

Eireann Leverett’s S4 Video: Denial of Surface – Shodan and ICS

Image by M. Keefe