Secure Digital Life #21
Recorded June 27, 2017 at G-Unit Studios in Rhode Island!
The Importance of Being SCADA or How I Learned to Stop Worrying and Love the SCADA
Supervisory Control and Data Acquisition
What is it? Talk about mainframes and proprietary systems Talk about valves (the american kind) and "servo systems" Talk about switches (the electrical kind) and grids Talk about PLC (programmable logic controllers)
Where is it? Talk about public utililties Talk about buildings (HVAC, etc.)
How is this different from the IoT? Well, it's kind of the same
How do these things get hacked? EMPs -1 Day Exploits -- remember, these things are OLD and proprietary so often they either aren't or can't be updated. The foolishness of "security through obscurity" Embedded exploits Real zero day exploits from add ons Escalation via mods physical security threats (mitnick style walk ons) A complete and total lack of awareness, funding, and focus on security
What do we do now? We need to pay some serious attention to SCADA infrastructure.