Podcasts about scada ics

Mengamankan industrial IoT / ICS / SCADA atau apapun nama kerennya saat ini ternyata tidak mudah. Hal ini disebabkan sumberdaya komputasi yang ada di perangkat IoT (embedded system) biasanya terbatas. Akibatnya pengamanan tidak dapat maksimal. Ini akan menjadi masalah besar di kemudian hari dengan banyaknya perangkat IoT

Podcast: Cyber Security InterviewsEpisode: #051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is DifficultPub date: 2018-04-24Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the 2015 Ukrainian power grid attack, starting and teaching a SANS ICS class, advice he would give someone starting in the industry, and HACKNYC, and so much more.Where you can find Robert:LinkedInTwitterBlogThe podcast and artwork embedded on this page are from Douglas A. Brush | Weekly Interviews w/ InfoSec Pros, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Forbes’ 30 under 30 (http://www.forbes.com/pictures/mll45klmm/robert-lee-27/) for Enterprise Technology (2016). A passionate educator, Robert is the course author of SANS FOR578 (https://www.sans.org/course/cyber-threat-intelligence) – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification. Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the HACKNYC (https://q22018.hacknyc.com/en/) , and so much more. Where you can find Robert: LinkedIn (https://www.linkedin.com/in/robmichaellee/) Twitter (https://twitter.com/RobertMLee) Blog (http://www.robertmlee.org/)

In this episode   Employees may face penalties if they misinterpret security policies? Human behavior still seen as the biggest weakness Employers are growing less tolerant of misbehaving employees If you "invite a data breach" you could be held liable http://www.welivesecurity.com/2016/01/14/employees-face-penalties-misinterpreting-security-policies/ New lawsuit filed blaming Twitter for ISIS attack Should social media filter content from terror groups like ISIS? Can social media companies be held liable, why or why not? http://blogs.wsj.com/digits/2016/01/14/lawsuit-blames-twitter-for-isis-terrorist-attack/ SCADA/ICS make incident response more complicated Typical IR activities are complicated by the nature of ICS systems Differences are there, but strategy still possible What is the path forward? http://www.darkreading.com/perimeter/how-incident-response-fails-in-industrial-control-system-networks/d/d-id/1324094 Only in NYC: Dept of Consumer Affairs warns parents of baby monitor hacks These issues seem to come down to default passwords What can the general population do about this? How can we eliminate this behavior in consumer products? http://www.nbcnews.com/tech/security/hack-alert-nyc-regulators-warn-parents-secure-their-baby-monitors-n505391  

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Cassidy-Leverett-Lee-Switches-Get-Stitches.pdf Switches Get Stitches Colin Cassidy Senior Security Consultant at IOActive Éireann Leverett Robert M. Lee This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process. Such MITM manipulation can lead to the plant or process shutting down (think: nuclear reactor SCRAM) or getting into a unknown and hazardous state (think: damaging a blast furnace at a steel mill) Not only will vulnerabilities be disclosed for the first time, but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. Because of this patching lag, the researchers will also be providing live mitigations that owner/operators can use immediately to protect themselves. At least four vendors switches will be examined: Siemens, GE, Garrettcom and Opengear. Colin Cassidy is a security consultant for IOActive where he focuses on Industrial Control Systems. He has a strong development and software engineering background. He is also a seasoned leader in the areas of security and software engineering. Before joining IOActive, Cassidy served for a number of years as Technical Manager and Security Technical Lead for IGE Energy Services, Ltd, part of GE Energy. He has hands-on experience with PowerOn Fusion, a leading Outage Management System/Distribution Management System (OMS/DMS) solution for electricity distribution management. He also led a team of developers in producing new functionality within the core product and worked with customers to understand their requirements. Colin Cassidy has a BSc (Hons) in Computing Science from the University of Glasgow. Twitter: @parttimesecguy Éireann Leverett hates writing bios in the third person. He once placed second in an Eireann Leverett impersonation contest. He likes teaching the basics, and learning the obscure. He is sometimes jealous of his own moustache for being more famous than he is. If he could sum up his life in one sentence; he wouldn't. That would be a life-sentence! He is primarily known for smashing the myth of the air-gap in industrial systems with his master's thesis, finding authentication bypasses for industrial ethernet switches, and working with incident response teams to improve their understanding of industrial control systems security. He believes security takes an awful lot more than penetration-testing and speaks often about the wider effects of embedded system insecurity. Twitter: @blackswanburst Robert M. Lee is a co-founder of Dragos Security LLC where he has a passion for control system protocol analysis, digital forensics, and threat intelligence research. He is also an active-duty U.S. Air Force Cyber Warfare Operations Officer where he has been a member of multiple computer network defense teams including his establishing and leading of a first-of-its-kind ICS/SCADA threat intelligence and intrusion analysis mission. Robert received his BS from the United States Air Force Academy and his MS in Cybersecurity Digital Forensics from Utica College. He is a passionate educator and teaches in the ICS and Forensics programs at SANS and is an Adjunct Lecturer at Utica College where he teaches in their MS Cybersecurity program. Robert is also the author of 'SCADA and Me' and is currently pursuing his PhD at Kings College London with research in control system cyber security. He routinely publishes academic and industry focused works in a wide variety of journals and publications; additionally he has presented at conferences around the world. Twitter: @RobertMLee

Episode 20 - A review of SCADA and ICS security.  The SAA is joined by Chris Sawall (Director Cyber @ Monsanto), Larry Whiteside (CISO @ LCRA) and Parrish Gunnels (CISO @ Celanese)

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Graham-McMillan-Tentler/DEFCON-22-Graham-McMillan-Tentler-Masscaning-the-Internet.pdf Mass Scanning the Internet: Tips, Tricks, Results Robert Graham Paul McMillan Dan Tentler Scanning the net -- the entire net -- is now a thing. This talk will discuss how to do it, such as how to get an ISP that will allow scanning, tools to do the scanning (such as 'masscan'), tools to process results, and dealing with abuse complaints. We Internet, such as all the SCADA/ICS systems we've found. We've only scratched the surface -- the Dark Internet of Things is waiting for more things to be discovered. We expect the audience to have a working knowledge of existing portscanners, namely nmap. Robert Graham is the CEO of Errata Security, a pentest/consulting firm. He's known for creating the first IPS, the BlackICE series of products, sidejacking, and masscan. In his spare time, he scans the Internet. He has been speaking at several conferences a year for the past decade. Twitter: @erratarob Paul McMillan is a security engineer at Nebula. He also works on the security teams for several open source projects. When he's not building or breaking clouds, he enjoys cocktails and photography. Twitter: @paulm Dan Tentler is Co-Founder of a pre-launch startup, a boutique Red Team and security services firm. Previously, Dan has been the sole proprietor of Aten Labs, a freelance Information Security consultancy firm in San Diego. He is often paid to be the bad guy. He's allergic to cyber. Twitter: @viss