Giving the Black Hats the keys to the store…

April 25, 2008
Training the Bad Guys Dale Peterson’s April 22nd blog had the following: “Jason Larsen’s presentation on SCADA and Control System hacking from Blackhat Federal 08 is now available.” There has been a prevailing view that control systems are secure because they are so arcane and obscure. However, the area of “SCADA Security” is making its way into the mainstream community, and worse, the hacking community. As long as four years ago, presentations were being made at “Black Hat” (hacker) conferen...
Training the Bad Guys Dale Peterson’s April 22nd blog had the following: “Jason Larsen’s presentation on SCADA and Control System hacking from Blackhat Federal 08 is now available.” There has been a prevailing view that control systems are secure because they are so arcane and obscure. However, the area of “SCADA Security” is making its way into the mainstream community, and worse, the hacking community. As long as four years ago, presentations were being made at “Black Hat” (hacker) conferences on “SCADA security”. Some of these presentations may not have been technically accurate, but they have spurred interest in the subject by individuals we would rather not be involved. In fact, about three years ago, SAIC gave a presentation at a Black Hat Conference on how to hack control systems. What made this presentation unique and scary was that it provided bit-by-bit instructions on how to hack specific control system protocols. I personally have worked with Jason on vulnerability assessments when he was at INL and with the initial control system cyber attack demonstration at INL in 2004. Jason is very knowledgeable.  Consequently, when I found out he had given a presentation at Black Hat, I was extremely concerned. What’s more, Jason is scheduled to give two training classes on hacking PLCs at Black Hat in Las Vegas in August. When I asked him why, his answer was they were interested. Of course they are. Wouldn’t a bank robber want to know how to rob a bank? But just because they are interested is not an excuse to train the “bad guys.”  You can’t legislate ethics, but common sense should prevail. Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.