Why is SCADA Security an Uphill Battle?
Wednesday, November 20 • 11:00 am - 11:50 am
The presentation will begin by introducing SCADA systems under the hood including RTU, IED, PLC, FEP, PCS, DCS, HMI, sensors, data historians and other SCADA components. The presenter will categories these components into distinct groups based on the functionality that each component provides. We will review the security implications on each of these groups and identify where most of the threats lie. We will take a packet level dive into SCADA protocols and study their security implications. The presentation will give example of attacks that can be carried out against each group and component. The presenter will release an updated version of an open-source tool to identify and inventory SCADA systems using the protocols discussed in this presentation. It will then focus on real world examples of successful and not-so-successful implementations of security controls with SCADA systems which will include examples of what some large organizations have done. We will conclude with guidance on how control system owners can start implementing additional measures to get to an acceptable security.
Attendees who are in charge of control system infrastructure will get insight on what worked and what did not for other organizations. Engineers who are in-charge of security for control systems will get a better technical insight of SCADA protocols and components and can use the open source tool that is introduced. Attendees who are new to control systems will get an excellent overview of security complexities of control systems.