One of our threat researchers, Mars Cheng, was recently invited by SINCON to give a 30-minute talk about how hackers take control of ICS and SCADA systems: ‘Confirming Red Alerts – Taking Over and Compromising ICS & SCADA’. If you’ve ever wanted a hands-on look at an intruder’s process, as well as the direct damage to hardware an intruder can do, look no further. In this talk, Mars provides straightforward and practical demonstrations of the current threat environment and how attacks can hit ICS or SCADA.
After a quick overview of what an ICS is and how these systems are commonly put together, complete with diagrams and an explanation of the system’s anatomy, Mars launches into an explanation of the key changes in the threat paradigm over the last 11 years. In this video, you can expect an overhead view of ICS protocols and what defines the differences between public and private protocols, as well as how these industrial protocols define the nature of a bad actor’s attack. Mars also gives a practical demo of how a threat actor using an exploit can break machinery and disrupt operations, as part of an overview of what a work site attack looks like and how it fits together.
This knowledge is crucial to understanding how to protect a work environment from cyber risk, which is the focus of the last part of Mars’ talk. Mars closes with an explanation of the recommended defense strategies from ICS-CERT, and he outlines the five tactics that can prevent 98% of incidents. This is a talk explaining the essentials of the modern work site, the current threat landscape, and ICS defense – watch it here.