
Practical Security Assessment of Smart Grids in Europe by Aleksandr Timorin & Sergey Gordeychik


www.scadasl.org

ICS/SCADA

Alexander Timorin, Alexander Tlyapov, Alexander Zaitsev, Alexey Osipov, Andrey Medov, Artem Chaykin, Denis Baranov, Dmitry Efanov, Dmitry Nagibin, Dmitry Serebryannikov, Dmitry Sklyarov, Evgeny Ermakov, Gleb Gritsai, Ilya Karpov, Ivan Poliyanchuk, Kirill Nesterov, Roman Ilin, Sergey Bobrov, Sergey Drozdov, Sergey Gordeychik, Sergey Scherbel, Timur Yunusov, Valentin Shilnenkov, Vladimir Kochetkov, Vyacheslav Egoshin, Yuri Goltsev, Yuriy Dyachenko

SCADA/PLC

*ICS Security in 2014, Evgeny Druzhinin, Ilya Karpov, Alexander Timorin, Gleb Gritsay, Sergey Gordeychik

http://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf


IPC


Google dorks


Google


!!!!!


--snip--

Comment to PT-SOL-2014001: The upload path has been changed. It is still possible to upload files, but they can't overwrite system critical parts any more.

Comment to PT-SOL-2014002: The system backup is created in a randomly chosen path and deleted afterwards. Therefore an unauthorized access is made much more difficult and very unlikely.

Second comment to PT-SOL-2014002: In order to compensate for the weak encryption in the configuration file, the whole configuration file is now encrypted via the new HTTP transmission.

--snip--


117.220 MW (1/22)

Sergey Gordeychik () - 10x SASNordex

CVE

Google

990.390 MW

*Special Bushehr photo for scary ICS security slides*

ping 8 077 220 000 W

#SCADASOS

http://scadastrangelove.blogspot.com/2014/12/sos-secure-open-smartgrids.html

#SCADASOS 62

XZERES 442SR Wind Turbine CSRF

SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability

TCP/IP

IP

LTEA5/3 GEA 21282G()A5/1A5/0


4G

Karsten Nohl, CCC, Hamburg, Germany, 2014

(u)SIM (Kc, TIMSI)(A5/3)SIMSIM""PIN/PUKSIM

Alexander Zaitsev, Sergey Gordeychik, PacSec, Tokyo, Japan, 2014

3G

Alexey Osipov, Alexander Zaitsev, Black Hat USA 2015, Las Vegas

4GLinux/Android/BusyBox/VxWorksCWID USB SCSI CD-ROM USBMMC USB (MicroSD )COM(UI, AT)NDISWiFi

Kirill Nesterov, Timur Yunusov, HITBSec 2015, Amsterdam

First one to guess how to bypass BIOS secure boot gets l33t prize or free beer!

USB

Travis Goodspeed, Sergey Bratus, https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-You_wouldnt_share_a_syringe_Would_you_share_a_USB_port-Sergey_Bratus+Travis_Goodspeed.pdf

BADUSB

scadastrangelove.blogspot.com/2015/10/badusb-over-internet.html

SCADA


SCADA?

#CablemeltingBAD

33


http://scadastrangelove.blogspot.com/2013/11/scada-security-deep-inside.html

IEC 61850 tools:

@PHDays

PHDays III Choo Choo Choo Pwn / PHDays IV Critical Infrastructure Attack

http://bit.ly/1t8poTL

http://www.phdays.com/press/news/38171/

PHDays IV CIA

ICS/CVSS()

Schneider Electric Wonderware System Platform, InduSoft Web Studio 7.1.4, ClearSCADA, IGSS, MiCOM C264

Siemens Flexible, TIA Portal 13 Pro, WinCC, KTP 600, Simatic S7-1500 (1511-1 PN), S7-300 (314-2 DP + CP343), S7-1200 v3, S7-1200 v2.2

Rockwell Automation RSLogix 500, Allen-Bradley MicroLogix 1400 1766-L32BWAA

WellinTech KingSCADA, ICONICS Genesis64, ICP DAS PET-7067, Kepware KepServerEX (S7, DNP3), Honeywell Matrikon OPC (Modbus, DNP3)

PHDays IV CIA

Alisa Esage SE InduSoft Web Studio 7.1

Nikita Maximov & Pavel Markov - ICP DAS RTU

Dmitry Kazakov - Siemens Simatic S7-1200 PLC 210

https://www.youtube.com/watch?v=w8T-bbO3Qec

Digital Substation Takeover

SIPROTEC 4 DoS

5000/udp DoS

The Power of Japan

Japan energy stations map: megawatts and location

Ukishima solar power plant

Kagoshima solar power plant

Kagoshima plant diagram

SUNNY CENTRAL 500CP-JP

The 70-megawatt system in Kagoshima is a good example of how important it is to have the right service partner at your side - someone with broad experience, who can respond to unexpected events in a flexible manner.

http://www.sma.de/en/products/references/kagoshima.html

Kagoshima plant diagram

ICS Security in Japan

600+ SCADA/PLC on the Internet

ICS Security in Japan

PS

12

15012,500

SIL 4!

SIL 4?!

Safety Integrity Level ()(PFD)1(PFH)

SIL 4? 15root!

12

http://www.theguardian.com/world/2013/jul/25/spain-train-crash-travelling-so-fast

PPS

OT

:- ICS/SCADA--/- IoT-

SMSroot

Alexander @arbitrarycode Zaitsev, Alexey @GiftsUngiven Osipov, Kirill @k_v_nesterov Nesterov, Dmitry @_Dmit Sklyarov, Timur @a66at Yunusov, Gleb @repdet Gritsai, Dmitry Kurbatov, Sergey Puzankov, Pavel Novikov

*All pictures are taken from Dr StrangeLove movie and other Internets

Scadasl.org

SCADA STRANGELOVE

ATM

*All pictures are taken from google and other Internets
