Heads Up: SCADA goes to BlackHat Federal
Robert Graham & David Maynor from ISS are scheduled to speak at this year’s Black Hat Federal in a few weeks.
The summary for “SCADA Security and Terrorism: We’re Not Crying Wolf!”:
Many are beginning to believe the FUD about SCADA is merely the cyber-security industry employing scare tactics. This presentation will erase all doubt. Understanding SCADA security is easy: there is none. The back end networks that control our power, oil/gas, manufacturing, water, and transportation systems have no security. In most cases, the systems themselves don’t support authentication, encryption, or even the most basic validation protocols. The few systems that do support these protocols are usually run with security features disabled.
Under contract with our customers, Internet Security Systems has pen-tested many of the world’s most important national SCADA networks and can confirm that the cyber-security fears are justified. The destruction Hurricane Katrina caused in the Gulf Coast area demonstrated the severe effects of a regional infrastructure disruption on the nation (and indeed the world). Through these unsecured back end networks, which are increasingly connected to the Internet, hackers anywhere in the world can easily target and disrupt national infrastructure using everything from a WAP-enabled cell phone to an Excel spreadsheet. Law makers in Washington are rightly concerned that this lack of security could easily lead to a major cyber-terrorist incident. Attendees to the session will: learn what the black-hats know about SCADA, hear anecdotes from our pen-tests and witness our live demo.
For now, I’ll withhold any commentary except to say that from this description it doesn’t look like there will be any new technical content, but we’ll see…
Blackhats of late have been full of surprises. Who would have thought that last summer we’d see the legal drama over Mike Lynn’s IOS Vulnerability Presentation or be able to watch the pages being cut from the conference binders on film?
Since I won’t be attending the conference, I’d love for somebody to give me their impressions of the content and the demo!
Author: Matt Franz
Posted: January 14th, 2006 under Calculating Risk.