Welcome to the interactive agenda for SecurityWeek’s 2019 ICS Cyber Security Conference. Sessions are being finalized and the final program will include 4 FULL DAYS of content. (View the full conference website here) (You can Register for the ICS Cyber Security Conference and training here)
Back To Schedule
Monday, October 21 • 12:30pm - 1:15pm
Hacker Machine Interface – Attacking the Energy & Water Sectors (Lunch Workshop)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The Energy & Water (E&W) sectors are critical to the economy of every nation and need to be secured. During our investigations we found a certain amount of exposed and unprotected E&W systems online accessible via their exposed HMIs, bringing with them a danger to these Critical Infrastructure (CI). We wish to stress that contrary to many sensationalized stories on the vulnerability of Internet connected CI, our findings were limited to small-to-medium sized organizations within these sectors. Large CI organizations have security firmly in mind, but they still consider their ICS infrastructure susceptible to cyber attacks. However, the exposure of these more mid-tier organizations is still cause for concern for two reasons. Firstly, because of CI interdependencies and the distribution network setups, failures in these mid-tier organizations will have cascading and far-reaching after-effects further up the Supply Chain. Secondly, for would-be attackers these mid-tier players act as the perfect test bed for attack strategies to try out their effects in less risky ways. In this talk we present the following:
  • Using OSINT techniques we probe the E&W sectors to see what types of exploitable cyber assets are accessible to would-be attackers
  • Findings from past ICS security research papers to highlight the potential threats faced by exposed cyber assets
  • An analysis of common SCADA HMI vulnerabilities discovered by Trend Micro’s Zero Day Initiative (ZDI)
  • Attempt to identify likely attackers, probe their motives, and assess damage potentials
  • Conclude with a discussion about the challenges faced in securing IT-OT environments

Sponsored by: Trend Micro

avatar for Numaan Huq

Numaan Huq

Numaan Huq, Trend Micro
Numaan Huq is a Senior Threat Researcher with Trend Micro’s Forward-Looking Threat Research (FTR) Team. He has been working for over a decade in the Computer Security Industry and has extensive experience analyzing the latest cyber-threats, software exploits, and malware families... Read More →

Monday October 21, 2019 12:30pm - 1:15pm EDT
Hope III