Saturday July 15th is your DC404 meeting at Manuel’s Tavern at 2pm
Marina Krotofil will do a dry run of her Black Hat presentation – Evil Bubbles Or How To Deliver Attack Payload Via The Physics Of The Process
Until now electronic communication was considered a single avenue for delivering attack payload. However, when it comes to cyber-physical systems, this assumption does not hold true. When field devices (sensors, valves, pumps, etc.) are inserted into the process, they become related to each other by the physics of the process. Physical process is a communication media for equipment and can be leveraged for delivering malicious payload even if the devices are segregated electronically. Sensors, valves, safety systems on isolated network, analog equipment are all vulnerable to this attack vector.
In proposed scenario, an analog pump is damaged by a targeted manipulation of the upstream valve positioner, evoking cavitation process. The final attack payload is delivered to the pump in form of cavitation bubbles over the liquid flow. We will show the damage scenario “in action” with a physical demo on stage. To make things complicated for the defender, we will forger the valve positioner sensor signal to hide the attack from the operator and to confuse operator about true cause of process upset.
The second part of the talk will deal with the detection of this attack. After all, it is a bad style to introduce a problem without having remedy. Forged sensor signals cannot be detected with any traditional IT security methods. The detection has to take form of process data plausibility and consistency checks. By monitoring health of pump we will be able to figure out the ongoing detrimental state of the process and accurately determine the ongoing cavitation process and its likely cause – all with a live demo on stage.
By the end of this talk the audience will recognize that security and safety zoning should expand all the way into the physical process (to consider interaction of equipment via the physical process).
Marina Krotofil is Lead Security Researcher at the Honeywell Cyber Security Lab. Previously she worked as a Senior Security Consultant at the European Network for Cyber Security. Her research over the last few years has been focused on discovering unique attack vectors, design vulnerabilities, engineering damage scenarios and understanding attacker techniques when exploiting control systems. Marina authored more than 20 academic works and white papers on cyber-physical security. She gives workshops on cyber-physical exploitation and is a frequent speaker at the leading security events around the world. She holds MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems.
Come prepared to share what you are working on. Your project doesn’t have to be complete and slides are not required (like show-n-tell).
We will have a projector if you need it.
We will also be hosting a mini lock pick village and NetKotH (Network King of the Hill).
Bring a laptop and your favorite tools (like Kali Linux or ArchStrike)
Our meetings are at Manuel’s Tavern. Free parking is behind Manuel’s and on the South side across the alley.
We may be meeting in the First Level room or the Eagle’s Nest.
To get to the First Level room:
From the front entrance on North Highland immediately turn right, go past the bathrooms to the First Level room.
From the back parking lot entrance, go all the way to the front doors, turn right, go past the bathrooms to the First Level room.
To get to the Eagle’s Nest room:
From the front entrance on North Highland immediately turn left, go through the dinning room to the Eagle’s Nest in the back.
From the back parking lot entrance make the first right and the Eagle’s Nest will be on your right.
602 North Highland Ave NE
Atlanta, GA 30307
All ages/skill levels welcome. No dues, feel free to bring new friends.
Our Home page: http://dc404.org
Sign up for the chat/discussion list – it’s low traffic, keeps you in the loop, and enables you to communicate with the other DC404 folks:
IRC Channel: #dc404 chat.freenode.net
Web IRC: https://webchat.freenode.net/