I presented “You Have No Integrity” today at the SANS SCADA Security Summit in Orlando, Florida. The presentation included numerous examples on how ICS lack integrity — if you can get to the ICS it is game over because source and data authentication is absent. It also dealt with the lack of integrity in the ethical sense in the ICS community and how we can move forward to address this. I hope to record some audio and make the presentation available next week.
At the presentation I mentioned a number of videos and links. Here they are:
- Ralph Langner’s Stuxnet Deep Dive from S4x12
- Rockwell Automation ControlLogix Metasploit Module
- Project Basecamp
- Schneider Modicon Quantum Stuxnet-Type Metasploit Module
- GE D20 Obsolescence
- CoDeSys 3S Vulnerabilties and Tools
- ICS-CERT CoDeSys Advisory
- Tyler Klingler’s ICS Spear Phishing from S4x13
- GE Atlanta Data Highway Stats
- Power Pwn
- Dale Peterson’s 10 Minute NOW Keynote from S4x13