ICS Security Event

Continuing to highlight some sessions that will be at S4x14, Jan 14-17 in Miami Beach.

SCADA Apologist or SCADA Realist with Eric Byres and Dale Peterson

Is Eric a SCADA Apologist or SCADA Realist? Is Dale living in a dream world filled with unrealistic expectations, full of sound and fury? Eric and I have had an ongoing disagreement through a series of blog posts on this topic. At S4x14 we will debate and discuss this on stage, and attendees will also get a chance to make their case and ask questions.

Harvard Architecture Exploitation with Josh Thomas & Nathan Keltner

This is a great example of top researchers in the IT security community coming over and working in ICS. Exploitation on Harvard architecture chips presents unique challenges as opposed to the x86/x64 von Neumann chipsets we know and love. Different attack and exploit techniques are required. Josh will use the Teridian line of smart grid SoCs as an example.

Applying SDL to Legacy Code with Matthew Theobald

Schneider Electric, like most ICS vendors, has a lot of legacy code in products and applications that it needs to support for decades. Even if a vendor has a great SDL for new code, there are likely large numbers of latent bugs and vulnerabilities in that legacy code. Matthew will present actionable steps that vendors can take to improve the security of their legacy code in a way that complements the application of SDL practices to new software development. He will recommend ways to determine priorities, improve legacy code quality and security in the short term, control third-party and open source code risks, and create SDL deliverables typically developed in the Requirements and Design phases.

HART as an Attack Vector with Alexander Bolshev

The HART protocol has received little attention from the ICSsec community. Alexander changes this. In addition to addressing the same insecure-by-design issues that plague most ICS protocols, he will use access to the 4 to 20 mA control loop to attack the entire plant, including applications and protocols that appear to be unrelated to HART.

At Least Pretend You Care: Writing ICS Specific Vulnerabilities with Sean McBride

This quick hit, 15-minute session will make you laugh, cry, and cheer as it draws on real advisories from vendors, government and researchers, to describe what to do (and what not to do) when “helping” stakeholders make accurate decisions.