I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to a technical audience. It is not for everyone. There are no best practice papers, standards or gov program overviews, policy or SCADA 101 presentations. But if you are craving some technical meat down to the byte, protocol, metric/mathematics, exploit, … level and want to talk to other technical and thought leaders, you should consider S4.
Preview Paper: Security Testing, Vulnerabilities and Exploits in Operating Systems Used in Control System Field Devices by Daniel Peck et al, Digital Bond
Last year Daniel had a paper that demonstrated how rogue software could be loaded onto two different field devices, and how an attacker might leverage the Boreas vulnerability. This culminated with a proof of concept field device worm. In his paper this year, Daniel continues his look at the security, or lack thereof, of PLC’s, PAC’s, RTU’s and other field devices.
A major focus of security in operator stations, historians, realtime and comms servers, and other servers and workstations in a control system is their operating system [OS]. This is most often some flavor of Windows or *nix. Field devices also have one or more OS’s running on them, and these OS have had minimal scrutiny.
In this paper Daniel provides some background information on the OS commonly found on field device CPU and Ethernet cards. The different chips and architecture are discussed and future trends are forecasted. Then comes the crux of the paper: susceptibility to common attacks.
There are a number of older attacks that were successful on OS in the nineties and earlier in this decade. These have largely been fixed in workstation and server OS. Have they been fixed in field device OS? Daniel will reveal the testing results on a variety of field device OS in Digital Bond’s lab. [BTW the lab will be available for physical attendees to attack during S4]. The paper finishes with results from more modern attacks that are customized for the field device category.