DEF  CON   31

DEF CON 31
T-shirt
Donations

ICS Village will be in-person at DEF CON 31. Check out each village activity, talk schedule, and list of industry experts who will be joining us. Click on tabs below for schedules and times.

Check back soon for more details as we get closer to Vegas. Bring your friends with you to fully enjoy all these events.

Schedule
Talks
Speakers
Activities
Aug 11
11:00 am
What's up, Doc? Using documentation to build better OT security knowledge graphs
Ian Fox
Aug 11
11:30 am
Five (or More) Maritime Cybersecurity Challenges
Gary C. Kessler
Aug 11
12:00 pm
Fireside Chat Between Bryson Bort and TSA Administrator David Pekoske on Joint Program for “At Scale Cyber Risk Assessments and Risk Mitigation Measures for Surface Transportation Stakeholders”
David Pekoske
Bryson Bort
Aug 11
1:30 pm
PANEL: Open Distro of Malicious Maritime Hacking Tools: What Could Go Wrong?
Gary C. Kessler
Austin Reid
Nina Ali
Jason Veara
Aug 11
3:00 pm
Wired for Safety: Prioritizing Safety in Deadly Systems
Jace Powell
Aug 11
3:30 pm
OT Vulnerability analysis methodology
Jeonghoon Bae
Chang Hyun Park
Aug 11
4:00 pm
I'm On The Hype Train: Bottom's Up!
Joe Slowik
Aug 11
4:30 pm
Anatomy of the Top 10 Cybersecurity Terrain for Critical Infrastructure
Mars Cheng
Aug 12
10:00 am
I am the captain now: Taking remote control of ships engines, helm, azipods, ballasting and plenty more.
Ken Munro
Aug 12
10:30 am
EMBA - From firmware to exploit
Michael Messner
Aug 12
11:00 am
Wrenches, Widgets, and Walkdowns: Unraveling the Tangle of Digital Assets in Industrial Control Systems
Tony Turner
Aug 12
11:30 am
Cyber-Physical Detection and Response: A new Paradigm in IACS Monitoring and Security
Ryan Heartfield
Aug 12
12:00 pm
PANEL: Fear and Loathing on Plum Island
Joe Minicucci
Jeremy Jones
Emma Stewart
David Emmerich
Aug 12
1:30 pm
PANEL: Designing and Deploying NOC/SOC in a Mobile, Limited Bandwidth Maritime Environment
Cliff Neve
Brad Proctor
Peter Dreyer
Tom Stites
Danny Joslin
Aug 12
3:00 pm
Your Ship is Leaking... How Social Media Plays a Role in the Uncovering of Critical Maritime Systems
Rae Baker
Aug 12
3:30 pm
Improving the Speed of Cybersecurity: Seven Cyber Metrics for Maritime Owners and Operators
Tyson Meadors
Aug 12
4:00 pm
The Unlikely Romance: Critical Infrastructure Edition
Casey Ellis
Aug 12
4:30 pm
Lessons learned when building a Maritime Systems Security Laboratory Testbench
Brien Croteau
Aug 12
10:41 pm
Exploring the Security Culture of Operational Technology (OT) Organisations: the Role of External Consultancy in Overcoming Organisational Barriers
Stefanos Evripidou
Aug 13
10:00 am
Let's Talk about Voice
Travis “Cyphernaut” Juhr
Aug 13
10:30 am
Vulnerability instead of security: How we managed to hack a PSIM system
Lukas Sokefeld
Manuel Bohé
Aug 13
11:00 am
The Flaws in Cloud-based ICS Ecosystem
Hank Chen
Aug 13
11:30 am
Hunting Aberrant Maritime Network Traffic with Open-Source Software and Hardware
Chet Hosmer
Aug 13
12:00 pm
The War is Coming: Why Securing OPC-UA is more critical than ever
Hank Chen
Aug 13
12:30 pm
Is China Prepping an “Unforgettable Humiliation for GPS & America"
Dana Goward
Aug 12
10:41 pm
Exploring the Security Culture of Operational Technology (OT) Organisations: the Role of External Consultancy in Overcoming Organisational Barriers
This presentation will explore the most common organisational barriers companies using OT face, resulting from practitioner interviews, as part of a PhD research. Broadly the challenges are around governance structures, lack of communication between functions, and the lack of OT cybersecurity expertise. Subsequently, the role of consultants and security solution vendors in overcoming these barriers through consultancy is discussed. While these stakeholders play a crucial part in the development of security culture in OT, organizations need to think about how to absorb, assimilate and retain cybersecurity knowledge.
Aug 13
12:30 pm
Is China Prepping an “Unforgettable Humiliation for GPS & America"
In 1996 China’s People’s Liberation Army suffered “The Unforgettable Humiliation” when two of its missiles intended to intimidate Taiwan when missing because the U.S. fiddled with GPS guidance signals. China has always played ‘the long game.’ It spent the next 24 years creating its own version of GPS. During that same time America and its military became critically dependent on weak GPS signals. To the point where virtually every civil and most military technologies rely on or use GPS to some extent. China’s plans to invade and take Taiwan by force likely also include multiple options for the United States having an “unforgettable humiliation” delivered through GPS. Such an incident could get horribly out of control. But it might not be too late to deter war, prevent humiliation, and defend Taiwan.
Aug 13
12:00 pm
The War is Coming: Why Securing OPC-UA is more critical than ever
Aug 13
11:30 am
Hunting Aberrant Maritime Network Traffic with Open-Source Software and Hardware
Leveraging Open-Source Raspberry Pi Hardware, along with the Python Eco-System we can detect unusual network behavior by passively analyzing ICS protocols such as Modbus and BACnet. This presentation and demonstration will walk-though the key steps to passively instrumenting your Maritime ICS environment.
Aug 13
11:00 am
The Flaws in Cloud-based ICS Ecosystem
In this presentation, I would like to share the insights of the cloud based ICS ecosystem and what is the most valuable vulnerabiltiy for attackers. Also, I will provide several attack senarios to elaborate how the exploitation works and what impacts the attackers can make even more critical than non-cloud based ICS ecosystem. The most critical one could let attacker compromised almost all HMIs registered in the cloud services. And then, I will present the case study about how the attacker can fully compormise the cloud based ICS ecosystem with the vulnerabilities which I found in the same vendor. In the end, I will give my advices from the attacker perspective for ICS vendors and OT security solution providers.
Aug 13
10:30 am
Vulnerability instead of security: How we managed to hack a PSIM system
A Physical Security Management System (PSIM) is a software for efficient security management in properties, buildings and facilities. Via a multitude of interfaces, it records the status and enables the control of security-related systems, such as access control systems, video surveillance systems and many more. Depending on the application, such a system can be used, among other things, to open/lock doors, trigger fire alarms. Etc. PSIM systems are especially common in companies with increased or particularly high security requirements. For example, they are often used by operators of critical infrastructures such as energy suppliers, network operators, water suppliers, airports, etc. Within the scope of our security research, we have examined the leading PSIM system "WinGuard" of Advancis Software & Services GmbH and were able to identify relevant vulnerabilities. By exploiting these vulnerabilities, we managed to obtain admin rights and to bring the system under our control.
Aug 13
10:00 am
Let's Talk about Voice
VoIP, PBXs, and IP phones, Oh my! Phone service is one of the oldest technologies and has received numerous facelifts throughout its lifecycle. While the underlying technology is changing, many of the designs and defaults have not. This talk will discuss the various components, systems, and designs in voice with multiple stops for Q&A as we walk up from micro to macro with historical context. Consider this Voice (In)Security 101 for the past, present, and potential future.
Aug 12
4:30 pm
Lessons learned when building a Maritime Systems Security Laboratory Testbench
As evidenced in the many hands-on demonstrations and activities here at DEF CON, many people learn best through in-depth interactive simulations that can safely replicate the kinds of systems that are commonly found in critical infrastructure and industrial automation systems. Those that simulate maritime platforms, especially Hull, Mechanical, and Electrical (HM&E) systems are especially useful, since by their floating and transient nature are hard to expose individuals wishing to practice security related research and training. This talk will outline the United States Naval Academy's efforts to build out a maritime cyber-physical systems security lab and plans for the future.
Aug 12
4:00 pm
The Unlikely Romance: Critical Infrastructure Edition
When most folks hear the word "hacker" their reaction is one of fear, but those responsible for cybersecurity defense are increasingly understanding the role of the "digital locksmiths" amongst us. While healthcare, power, and other CI verticals have been slower to accept crowdsourcing, adoption is well underway. In this talk, Casey Ellis will unpack the evolution of the unlikely romance between those who hack in good faith and the people who design, develop, deploy, and defend software and hardware intended for critical infrastructure and safety-critical applications.
Aug 12
3:30 pm
Improving the Speed of Cybersecurity: Seven Cyber Metrics for Maritime Owners and Operators
When trying to manage cyber threats and understand cyber attack capabilities, maritime entities benefit by measuring their respective risks and opportunities in temporal terms. This presentation overviews seven cyber metrics that maritime owners and operators should understand and use to measure in order their respective cyber capabilities and prioritize means for improving their defensability and resilience. While these metrics have wider applicability beyond maritime entities, this presentation focuses on maritime transportation examples, use cases, and recent cybersecurity events in order to illustrate the implications of each metric.
Aug 12
3:00 pm
Your Ship is Leaking... How Social Media Plays a Role in the Uncovering of Critical Maritime Systems
This talk begins by giving a brief intro to what OSINT is in relation to the maritime domain and what type of details we might be looking for. Then we will discuss several cases where systems were compromised and then we will walk through ways that these systems and the details are leaked on social media.
Aug 12
1:30 pm
PANEL: Designing and Deploying NOC/SOC in a Mobile, Limited Bandwidth Maritime Environment
The speakers will discuss the challenges and solutions of deploying monitoring, detection, response, containment, and notification for commercial and government ships, including recent deployments that achieved governmental Authority to Operate (ATO). We will cover the handling of OT systems including policies and procedures for governmental ATO.
Aug 12
12:00 pm
PANEL: Fear and Loathing on Plum Island
We will provide a moderated panel to discuss this ""live fire"" exercise in which Utility operators and their security teams defended a relevant and realistic system against the effects of compromised devices and active attack. Their goal was to exercise their emergency response playbook, policies, and procedures in order to ""keep the lights on."" The discussion will describe what goes into planning and executing DOE CESER's full-scale Liberty Eclipse Exercise on Plum Island. Liberty Eclipse is the DOE's operational cybersecurity-focused exercise series promoting public and private partnerships. For the 2022 iteration, participants engaged for the first time in hands-on full-scale operations-based exercise on replicated electrical utility substation equipment. This equipment represented a subset of the equipment comprising the exercise range developed during the Defense Advanced Research Project Agency’s (DARPA) Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program.
Aug 12
11:30 am
Cyber-Physical Detection and Response: A new Paradigm in IACS Monitoring and Security
Digital transformation across the industrial sector is leading to a pervasive, hyperconnected Cyber-Physical threat landscape where cyberattacks against IACS both directly and indirectly impact the Safety, Reliability and Availability of critical infrastructure and supply chains. In this talk, we propose a paradigm shift in OT monitoring and security referred to as Cyber-Physical Detection and Response (CPDR) that unifies how we monitor, detect, investigate, respond, and recover from incidents. We demonstrate with practical examples, use cases (and a live hacking simulation), how CPDR enhances OT and IIoT security monitoring, is straightforward to implement with your existing tools in your existing IACS systems, to rapidly accelerate root cause analysis and response to process anomalies, system faults, and cybersecurity threats; generating rich IACS situational awareness that helps strengthen collaboration between IT and OT teams. Today and in the future, this may just be the difference between shutting down connected operational systems, or not.
Aug 12
11:00 am
Wrenches, Widgets, and Walkdowns: Unraveling the Tangle of Digital Assets in Industrial Control Systems
Digital Asset Awareness is but one of 12 core principles in Cyber Informed Engineering, but its easier to talk about than to actually do. This talk dives headlong into the intricacies of ICS and their digital assets for asset owner operators, exploring the myriad ways we can illuminate the shadowy corners of this digital jungle. Our journey begins with strategies to gain much-needed visibility into digital assets. We explore both traditional and innovative methods for asset discovery, cataloging, and ongoing management, ensuring we can keep our fingers on the pulse of our digital ecosystems. Furthermore, we will explore how concepts around software transparency such as software bill of materials (SBOM) both enhance and complicate the process of digital asset management and what you can do to make this information actionable inside your program.
Aug 12
10:30 am
EMBA - From firmware to exploit
IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for networked devices on which our modern society is based on. In this area, the used operating systems are summarized with the term firmware. The devices themselves, also called embedded devices, are essential in the private and industrial environments as well as in the so-called critical infrastructure. Penetration testing of these systems is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities on binary level. This goes far beyond the plain CVE detection: With EMBA you always know which public exploits are available for the target firmware. Besides the detection of already known vulnerabilities, EMBA also supports the tester on the next 0-day. For this, EMBA identifies critical binary functions, protection mechanisms and services with network behavior on a binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more.
Aug 12
10:00 am
I am the captain now: Taking remote control of ships engines, helm, azipods, ballasting and plenty more.
Commercial ships are a complex mix of VSAT, IT, OT, custom protocols, huge sums of $$$, unclear responsibility for cyber and a decade or more of technical debt. There are documented cases of organised crime taking a commercial interest in shipping. Bunkering invoice fraud is rife, but we are also now seeing targeted container theft and threats against port workers. The opportunity to destabilise our supply chains is ever present. From numerous vessel tests, we’ll share our experience of compromising pretty much everything, including the ability to shut down the engines at critical moments, taking control of steering, confusing the bridge crew and more. The Suez incident was not a hack, but it could so easily have been, based on our findings. Add cruise ships and a whole new layer of complexity is created. We’ve got to the point of locking all guests in and out of their cabins, affecting ballasting from guest cabins and causing guest panics that are likely to end up in the media.
Aug 11
4:30 pm
Anatomy of the Top 10 Cybersecurity Terrain for Critical Infrastructure
In recent years, new types of attacks targeting critical infrastructure have emerged one after another. Although the definitions of critical infrastructure vary from country to country, most of them cover industries such as oil, gas, hydropower, and manufacturing. However, the norms, enhancements, and pain points of cybersecurity for critical infrastructure and industrial control systems in various countries are roughly the same. In this session, we will share our conclusions after an in-depth analysis and investigation of global critical infrastructure companies. We will present the top ten cybersecurity statuses and dilemmas, along with detailed descriptions, to help the audience understand the overall status and ways to overcome these dilemmas and build a secure critical infrastructure environment.
Aug 11
4:00 pm
I'm On The Hype Train: Bottom's Up!
Cyber-nexus threats to critical infrastructure systems - such as power, water, oil & gas, and similar - are significant and concerning. But given recent history, there is also an open question as to how serious (or likely) these threats are (at least from a cyber perspective) in reality. This discussion will critically examine over 15 years of history in critical infrastructure intrusions and impact scenarios to identify what asset owners must be primarily concerned with, how to deal with these items, and where resources would be best directed for the future.
Aug 11
3:30 pm
OT Vulnerability analysis methodology
This presentation will explain the process in which our team focused on the vulnerabilities that CVE ID came out in the process of analyzing vulnerabilities under the theme of OT Vulnerability Chaining.
Aug 11
3:00 pm
Wired for Safety: Prioritizing Safety in Deadly Systems
This presentation explores the explosive intersection between physical safety and cybersecurity in today's increasingly connected industrial landscape. Featuring a practical demonstration of a compromised OT device, we underline the principle that an insecure system cannot be safe. We further explore the crucial role of fostering a safety and security culture within organizations, drawing parallels from the successes of safety cultures in high-risk industries, and introducing a new tool designed to strengthen corporate cybersecurity culture. This talk also provides practical steps to preventing cyber-related industrial accidents, with a dive into standards, frameworks, and tools that can assist in reducing the risk of physical harm due to attacks and accidents. The goal of this talk is to equip industry leaders and cybersecurity professionals with the knowledge and tools to build safer, more secure industrial processes, ultimately preventing tragic accidents and losses that could occur due to malicious attacks.
Aug 11
1:30 pm
PANEL: Open Distro of Malicious Maritime Hacking Tools: What Could Go Wrong?
In this panel, two participants will present -- and, possibly, demo -- their maritime hacking tools, explain why they haven't (yet?) put them out for public release, and then engage with other panelists to discuss the pros and cons of releasing such attack tools that are directed towards the maritime domain.
Aug 11
12:00 pm
Fireside Chat Between Bryson Bort and TSA Administrator David Pekoske on Joint Program for “At Scale Cyber Risk Assessments and Risk Mitigation Measures for Surface Transportation Stakeholders”
The TSA Administrator, David Pekoske, will join a fireside with Bryson Bort on a joint program being developed In collaboration with CISA, S&T, FRA and PHMSA, TSA is working to develop threat modeling and risk quantification of critical functions in the transportation sector, starting with freight rail systems and oil and natural gas pipelines (ONG), and their use of cyber-based infrastructure and digital control. This project will establish platforms capable of conducting at-scale testing focused on vulnerabilities in hardware and software components, as well as developing a prioritized list of cyber threat-based scenarios focusing on impacting system operations. This testing process will provide an evidence-based quantification of cyber risk to these systems and validate mitigation strategies that can raise the baseline for cyber resiliency in the transportation sector. Following the key note address announcing the “at scale” program, representatives from TSA, DHS S&T, and CISA will be made available for a roundtable discussion with ICS Village participants on ideas for developing the list of cyber threat-based scenarios and evidence-based quantification measures.
Aug 11
11:30 am
Five (or More) Maritime Cybersecurity Challenges
This talk will describe cybersecurity challenges that are either unique to maritime or have unique implications to the maritime industry. These five broad categories are related to navigation systems, resiliency, autonomy and Industry 4.0, oblique attacks, and workforce development. The discussion will be around challenges to both research and practice.
Aug 11
11:00 am
What's up, Doc? Using documentation to build better OT security knowledge graphs
"Many OT cybersecurity models assume the presence of network sensors on the OT network. However, network sensors can have blind spots, and may not be present in some or all sections of brownfield systems. They also do not give insight into what the detected devices control in the process, context which must be supplied by other means such as reading documentation or interviews with process owners. We created tooling to assist in creating an OT security knowledge graph from documents such as network diagrams, P&IDs, loop diagrams, and other technical drawings. We used these tools and techniques to create a graph which we used to discover possible attack paths without network sensor data. In this talk, attendees will learn how to take advantage of their documentation to create similar graphs. "
Austin Reid
Brad Proctor
Brien Croteau
CDR Brien Croteau is a 1999 graduate of the United States Naval Academy from the Systems Engineering department and earned a Control Systems Engineering masters from Rensselaer Polytechnic Institute in 2000. He spent 15 years in operational service as a Naval Flight Officer in EA-6B Prowler and EA-18G Growler aircraft, during which time he graduated from the US Naval Test Pilot School, and did two developmental test tours. In 2015, he was selected as a Permanent Military Professor and completed a Electrical Engineering Ph.D. at University of Maryland, Baltimore County in 2020. He joined the United States Naval Academy Cyber Science department where he primarily teaches Computer Architecture and Control Systems classes for Cyber Operations majors. His research interests include cyber-physical systems security, maritime industrial control systems security, power-side channel analysis, and computational resilience using flexible computing hardware.
Bryson Bort
Bryson, a Founder of the ICS Village, is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow at the National Security Institute and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber by Business Insider, Security Executive Finalist of the Year by SC Media, and a Tech Titan in Washington DC. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.
Casey Ellis
Casey is the Chairman, Founder, and Chief Technology Officer of Bugcrowd, as well as the co-founder of The disclose.io Project. He is a 20-year veteran of information security who spent his childhood inventing things and generally getting technology to do things it isn't supposed to do. Casey pioneered the Crowdsourced Security as-a-Service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2014. Since then, he has personally advised the US Department of Defense and Department of Homeland Security/CISA, the Australian and UK intelligence communities, and various US House and Senate legislative cybersecurity initiatives, including preemptive cyberspace protection ahead of the 2020 Presidential Elections. Casey, a native of Sydney, Australia, is based in the San Francisco Bay Area.
Chang Hyun Park
Chet Hosmer
Chet Hosmer serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching and researching machine learning applications within ICS environments. Chet is the Chief Scientist at Silent Signals and Founder of Python Forensics. Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on Python Forensics, data hiding, passive network defense strategies, PowerShell, and IoT.
Cliff Neve
Cliff Neve is the Director of MAD Maritime with MAD Security, and is a cybersecurity executive and retired Coast Guard Commander with 30 years of IT and Cybersecurity leadership in military and industry, including the establishment of Security Operations Centers, supporting a Fortune 5 and multiple Fortune 200 companies, and consulting for maritime ports, shipping companies, the US Coast Guard, and the Department of Transportation’s Maritime Administration. From 2010 - 2013 he served as Acting Deputy Commander at Coast Guard Cyber Command, establishing the organization, creating the blueprint for maritime cyber defense, and providing input to Cyber Executive Order 13636 and Presidential Policy Directive-21. He frequently acted as the Principal for the Coast Guard on Cyber, providing regular briefings to the DHS Deputy Secretary and the Commander of US Cyber Command/Director of the National Security Agency. He retired in 2013 but continues to serve as a Coast Guard Auxiliarist, working as a Division Chief in the National Cybersecurity Division supporting Coast Guard Cyber Command and CG-5P. Cliff has led hundreds of cybersecurity engagements since joining MAD Security 2013, including currently supporting the Maritime Administration as the principal cyber architect for the National Security Multimission Vessels. He conducts vulnerability assessments, penetration testing, and red teaming of wired and wireless networks, web and mobile applications, and operational technology systems such as CCTV systems, access control panels, machinery control and maintenance systems, and voting machines. He has given multiple webinars on Coast Guard NVIC 01-20 and consulted on the Cybersecurity Framework and NIST 800-82 in addition to the Coast Guard’s cybersecurity job aid. Cliff holds an MS in Electrical Engineering from the University of Washington, an MS in Cyber/IT Leadership from National Defense University (NDU), and a BS in Electrical Engineering from the US Coast Guard Academy. His certifications include C|CISO, CISSP, CISA, and PMP, as well as master’s Certificates from National Defense University in Global Strategic Leadership and Chief Information Officer. He is a graduate of US Cyber Command’s Joint Advanced Cyber Warfare Course, and holds numerous technical certifications including from RSA, Fortinet, Cisco and McAfee. In addition to speaking at DEFCON and RSA, he has presented for AFCEA, Area Maritime Security Committees, for Port and Waterways conferences, and with BrightTalks. Cliff is also a certified Facility Security Officer through Seebald & Associates, International.
Dana Goward
Mr. Dana Goward, is President of the Resilient Navigation and Timing Foundation, a scientific and educational charity. The foundation advocates for policies and systems to protect GPS and GNSS satellites, signals, and users. He retired in 2013 from the U.S. federal Senior Executive Service as the nation’s maritime navigation authority, with 12 business lines budgeted at over $1.3B/yr. Mr. Goward has represented the U.S. at the International Maritime Organization, the UN anti-piracy working group, and other international forums. A career Coast Guard officer, among his many assignments were command of the Coast Guard’s Air Station in New Orleans and leadership of the service’s nationwide boat operations as the first Chief, Office of Boat Forces. He has been recognized for his rescue of two fisherman by helicopter at the height of hurricane Chantal, and as “the father” of the Coast Guard’s helicopter rescue swimmer program. He retired from uniformed service as a Captain in 2003. Mr. Goward received the Institute of Navigation’s 2021 Hays Award for inspirational leadership and is a member of the President’s National Space-Based Positioning, Navigation and Timing Advisory Board
Danny Joslin
David Emmerich
David Pekoske
David Pekoske was first confirmed by the U.S. Senate as the Transportation Security Administration’s seventh administrator in August 2017 and was reconfirmed for a second term in September 2022. Pekoske leads a workforce of over 60,000 employees and is responsible for security operations at nearly 440 airports throughout the United States. TSA is also the lead federal agency for security of highways, railroads, mass transit systems and pipelines. Under his leadership, TSA improved transportation security through close partnerships and alliances, a culture of innovation, and development of a dedicated workforce.
Dimitrios Valsamaras
A cybersecurity professional with expertise in mobile, web, and network penetration testing. Dimitrios holds a degree in Computer Science, majoring in Cryptography and Security, and has worked with top companies like Microsoft and Google. He is frequent speaker at prominent security conferences such as BlackHat, Nullcon, Insomni'hack, and Troopers. He is passionate about reverse engineering and was a member of one of Greece's first reverse engineering research groups.
Emma Stewart
Gary C. Kessler
Gary C. Kessler, Ph.D., CISSP is a retired professor of cybersecurity. Co-author of "Maritime Cybersecurity: A Guide for Leaders and Managers," he is currently the president and janitor of Gary Kessler Associates (providing maritime cybersecurity research, consulting, and training services), a principal consultant at Fathom5, a non-resident senior fellow at the Atlantic Council, on the advisory board of Cydome, and the Chief of the Cybersecurity Prevention Operations Division of the USCG Auxiliary Cyber Augmentation program (AUXCYBER). Gary's current primary areas of research are related to the weaponization of AIS/GPS, and tools for hacking and spoofing AIS. Gary is the author of more than 75 papers, articles, books, and book chapters related to cybersecurity, cryptography, steganography, network technologies, computer and mobile forensics, curriculum development, and more, and has been a speaker at conferences internationally for 30 years. Gary lives in Ormond Beach, Florida, is a SCUBA instructor, and holds a 50GT captains license.
Hank Chen
"Hank Chen is a threat researcher at PSIRT and Threat Research, TXOne Networks. Hank is passionate about vulnerability exploitation, reverse engineering, malware analysis, and product security. Hank has OSCP certificate and reported several CVEs. In addtition, Hank is a current CTF team member of 10sec and TSJ, and he is focus on Crypto, Reverse and Pwn challenges. Hank has spoked at many cybersecurity conferences, such as Black Hat USA, FIRST, CODE BLUE, HITCON, VXCON, ThreatCon."
Ian Fox
Ian Fox’s journey with cybersecurity started when he attended a security workshop and CTF while studying computer science at the University of Waterloo. After spending some time working in cloud security, he joined Norway-based OT security start up, Omny, as a Security Researcher where he enjoys automating as many things as he can. On the weekends he enjoys reading, skiing, and playing music.
Jace Powell
Jace Powell is a Senior Cybersecurity Engineer, specializing in critical infrastructure cybersecurity. His previous roles include serving as a Safety Representative for an oil company and as a Criminal Investigator for a DoD Agency. He is also a veteran of the War in Afghanistan. His multidisciplinary experience contributes to his robust approach in addressing cybersecurity risks to essential systems.
Jason Veara
Jeonghoon Bae
I am attending a university in Korea and currently junior. and I am constantly studying security with the goal of becoming a security researcher
Jeremy Jones
Joe Minicucci
Joe Slowik
Joe Slowik has over 15 years of experience across multiple information security disciplines, including various roles involving operational technology and critical infrastructure networks. Currently leading threat intelligence, detection engineering, and threat hunting operations at Huntress Labs, Joe also maintains a robust presence in the ICS space through training, consulting, and public discussion.
Ken Munro
Lukas Sokefeld
Lukas Sökefeld is a Cyber Security Consultant and Certified Ethical Hacker. He has been passionate about cyber security since his youth and is a cyber security researcher for the Federal Association for the protection of critical Infrastructure.
Manuel Bohé
Manuel Bohé is a security researcher for the Federal Association for the protection of critical Infrastructure and a member of the Federal Commission for Cyber Security at the German Economic Council. He is a self-tought cyber security specialist, Tech-Entrepreneur and has been advising critical infrastructures for over 20 years.
Mars Cheng
Mars Cheng (@marscheng_) is a threat research manager of TXOne Networks PSIRT and threat research team, responsible for coordinating product security and threat research, and is the executive director of Association of Hackers in Taiwan. Mars blends a background and experience in both ICS/SCADA and enterprise cybersecurity systems. Mars has directly contributed to more than ten CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography journals. Before joining TXOne, Cheng was a security engineer at the Taiwan National Center for Cyber Security Technology (NCCST). Mars is a frequent speaker and trainer at several international cyber security conferences such as Black Hat, RSA Conference, DEFCON, SecTor, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, SINCON, CYBERSEC, and CLOUDSEC. Mars was general coordinator of HITCON (Hacks in Taiwan Conference) PEACE 2022, HITCON 2021 and vice general coordinator of HITCON 2020.
Michael Messner
As a security researcher and penetration tester I have more than 10 years of experience in different penetration testing areas. In my current position at Siemens Energy, I’m focused on hacking products and embedded devices used in critical environments. This is the area where the firmware scanner EMBA is used and developed.
Nina Ali
Nina Kollars
Peter Dreyer
Rae Baker
"RAE BAKER is a Senior OSINT Analyst on the Dynamic Adversary Intelligence team at Deloitte specializing in maritime intelligence, human intelligence, corporate reconnaissance, and U.S. sanctions research. Rae is also a licensed private investigator and owns Kase Scenarios, an immersive training experience geared toward readying individuals for real-life OSINT work."
Ryan Heartfield
Dr. Ryan Heartfield is Director of Technology at Exalens, an OT cybersecurity start-up that develop AI technology to automatically detect and respond to cyber threats and process anomalies in OT systems. He has over 13 years’ experience in the field of cybersecurity, previously as a senior security architect at Splunk leading their SOAR practice in EMEA, for UK Government where he was an authority and lead on operational network security and defensive cybersecurity operations, and as a Research Fellow within the IoT and Security Research Centre at the University of Greenwich where for 10 years he led development of IDS for cyber-physical systems. Ryan is a regular speaker and industry panelist sharing thought leadership on cyber-physical systems security.
Shane McFly
Shane McFly (NREL) is a Senior Cybersecurity Researcher in NREL's Cybersecurity System Assessment Group. His research interests include cyber physical systems security, cyber informed engineering, and cyber range development for workforce development. Shane began his career at NREL as one of the principal architects of NREL's ARIES Cyber Range. He now leads NREL's efforts in workforce development, cyber defense exercise, and training such as Liberty Eclipse, GridEx, and CyberForce. Shane earned both Master and Bachelor of Science in Computer Science degrees from the University of Illinois at Urbana Champaign and is pursuing his PhD with a focus on the development and use of cyber range technology for workforce development and cyber defense exercises at Colorado School of Mines, where he also teaches Cyber Physical Systems Security.
Sheng-Hao Ma
Sheng-Hao Ma (@aaaddress1) is currently working as a senior threat researcher at TXOne Networks, specializing in Windows reverse engineering analysis for over 10 years. In addition, he is currently a member of CHROOT, an information security community in Taiwan. He has also served as a speaker and instructor for various international conferences and organizations such as Black Hat USA, DEFCON, CODE BLUE, HITB, VXCON, HITCON, ROOTCON, Ministry of National Defense, and Ministry of Education. He is also the author of the popular security book "Windows APT Warfare: The Definitive Guide for Malware Researchers".
Stefanos Evripidou
Stefanos is a PhD student at University College London (UCL), holding an Meng in computer science. His research is qualitative focused, looking at the security culture of companies using Operational Technology (OT), in sectors such as water, energy, and transport. Topics of interest include the internal organisational drivers and barriers, as well as the role external stakeholders have in shaping this security culture.
Tim Weston
Timothy Weston serves as the Director for Strategy & Performance in the Strategy, Policy Coordination, and Innovation office within TSA’s Office of the Administrator. Weston also serves as the Cybersecurity Policy Coordinator for the Transportation Security Administration. Previously, Weston was Senior Counsel for the Security Threat Assessments Division within TSA’s Chief Counsel’s Enforcement and Incident Management Division. Weston received his B.S. from Oklahoma State University and his J.D. from Oklahoma City University School of Law. Weston received his LL.M. in National Security and U.S. Foreign Relations from The George Washington University Law School.
Tom Stites
Tony Turner
Tony is a veteran security architect and engineer with over 25 years experience as an inside security practitioner, third-party consultant and R&D executive across IT and OT. He is the co-author of Software Transparency, is currently authoring an upcoming SANS course on Defending Product Supply Chains, leads the OWASP Orlando chapter, and is the Chief Editor for cyberinformedengineering.com, an open wiki dedicated to evangelizing the concepts of CIE. Tony founded and leads Opswright as CEO, a software company focused on securing critical infrastructure through the concepts of Cyber-Informed Engineering and is passionate about security transformational change.
Travis “Cyphernaut” Juhr
Navy Helicopter Rescue Swimmer turned Paramedic and then Networking, Security, Systems, and Unified Comms Engineering. Travis has been conducting research and development on secure voice and network hardening practices in merging ICS, PSTN, and modern IP networks. Previous work includes a talk from DEF CON 30 ICS Village in creating hostile voice appliances and platforms and developing a new attack model known as Spear Vishing.
Tyson Meadors
Tyson B. Meadors is the Practice Lead for Maritime Cyber at Fathom5. Heralded as “America’s Top Cybersecurity Strategist” by former National Security Advisor H.R. McMaster, he served as Director for Cyber Policy on the National Security Council Staff from 2017-2018, advising the President, Vice President, and multiple National Security Advisors and was the lead author of the 2018 U.S. Cybersecurity Strategy and key contributor to a range of Executive Branch strategies and policies. He is certified and experienced practitioner in a range of cybersecurity disciplines, to include incident response, forensics, penetration testing, vulnerability analysis, cyber-physical security engineering, assessment, and auditing. He has degrees and certifications from a range of institutions, to include the U.S. Naval Academy, the North China Institute of Science and Technology (华北科技学院), the US Naval War College, Old Dominion University, and the Escal Institute of Advanced Technologies (SANS).

DEF CON 31 Village People Party

Hosted by: Car Hacking Village, ICS Village, Aerospace Village and Biohacking Village.  Music by Nighthawk in Rooms 115-116 in The Forum.

Insane Forensics and ICS Village Events

Join ICS Village and Insane Forensics in our suite at the Four Seasons for demonstrations, a roadshow, happy hour /party, and general chill and chat events. Register here if you would like to join us and hang out with the Insane Forensics and ICS Village teams.

CISA / INL Escape Rooms

The Cybersecurity & Infrastructure Security Agency (CISA) and Idaho National Labs invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. Two different Escape Rooms will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity and control system elements. Participant's skills will be confronted with cybersecurity puzzles to remediate cyberattacks against controls systems, PLCs, HMIs, and Ladder Logic; solve challenges using a mixed reality system, RFID, wireless technologies, and more; in order to restore critical operations to solar, wind, and power generation and natural gas systems. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Labs.

Be sure to swing by and sign up for a timeslot.

Maritime Petting Zoo

Come check out real maritime hardware and try your hand at working through one of our guided exercises. This is meant to get users interested in and introduced to marine equipment without the commitment of a full contest.

Hours: 9:30 AM - 12:00 PM Friday and Saturday

War Games: Hacking Boundary Terminal - A Port Attack Game

You represent a team of attackers who are being paid to disrupt operations at the biggest container terminal on the east coast of the US.  You have people, capabilities, and systems that help you accomplish your missions.  At the same time the port IT and law enforcement are trying to disrupt your operations.  This is a card-based role-playing game that involves making decisions, justifying your attack vectors, and understanding port system vulnerabilities.  The good news is that the infrastructure supporting the port has been neglected, while at the same time the port has gone all in on automation.  Have fun building your team, competing with other attacker groups, rolling dice, and seeing if you can drive a ship into a bridge.  This game debuted at DEFCON last year in a small event.  Now is your opportunity to play it in our new spaces!

Hours: 12:00 PM - 4:00 PM Friday and Saturday

Threat Space Competition

Mandiant: Now Part of Google Cloud is partnering with Maritime Security at the ICS Village to offer 4 ThreatSpace sessions across Friday and Saturday. There will be two sessions each day. ThreatSpace is one of Mandiant Academy’s most sought after experiences.

During these sessions, participants will have the opportunity to take part in threat hunting in a simulated enterprise network where they will be defending against Mandiant red teamers with the assistance of Mandiant Blue teamers. The range will emulate an ICS enterprise environment. The sessions will be 3 to 4 hours long.

No previous experience is required, and the participants will have a one-of-a-kind experience working alongside Mandiant consultants, as well as defending against them.

Hours: 10 AM - 1 PM and 2 PM - 5 PM Friday and Saturday

ICS Village, Inc. is a registered 501(c)(3) organization.