For my first blog post at Digital Bond I’m going to break The Rule and talk about what happened in Vegas.
Every year I head to Las Vegas in early August for DEF CON. Usually I’m participating with my fine teammates in the capture-the-flag competition but this year we failed to qualify (sadface). I had heard rumblings of a proposal to start an ICS Village which was a relief because I had no idea what to do with myself at DEF CON without CTF.
Our proposal got accepted and DEF CON 22 had it’s first ICS Village. Spoiler: it was awesome and we’ll be back next year.
Over a dozen people worked together to create the village. Phoenix Contact provided a ton of equipment so Props to Thomas VanNorman and crew. We had a large mock water treatment plant that included multiple PLCs, networks, protocols, and radio communications (plus some flashy lights and sounds). Also a hit were PLC driven robotic arms that attendees could control with provided joysticks or by plugging in their laptops and slinging some code.
The most bestest thing (in my totally unbiased opinion) was the SCADA-from-scratch, done by myself and Ken Shaw, which was a mockup of our homebrew automation system that we installed for use in a local brewery (see what I did there). Given that a large portion of the audience would be completely unfamiliar with ICS technologies we thought it would be interesting to present the “post-apocalyptic” approach to solving the problem with modern hardware, software, and design principles and see the attendee reactions to the contrasts. Our slides are posted here and you can watch the talk online.
Additionally, there were some really great talks by John Matherly on Shodan, Cutaway on radio hacking, Anthony and Bryan of ICS-CERT watch floor un-fame, Chris Sistrunk discussing Project Robus, a grabbag from Atlas 0f d00m, and others. If I get recordings of those I’ll post links.1
Overall it was very well received and went surprisingly smoothly for being a first year event with a non-ICS focused audience. Thanks to all who helped make it awesome, particularly Bryan Hatton (@phaktor) for taking point. That said, there are a lot of areas in which we can improve.
On that topic I am excited to be joining Digital Bond because they know a thing or two about running an ICS Village. I’m looking forward to being involved in the village at S4 and engaging with an audience that already knows ICS. Working with Reid at Digital Bond Labs is going to be great and we’re pretty fired up about the projects we’ve got going on. Stay tuned for fun things.
Photos by Nadeem Douba, Claudio Caracciolo, John McNabb
1. http://www.slideshare.net/chrissistrunk/master-serial-killer-def-con-22-ics-village