Reverse Engineering Physical Processes in Industrial Control Systems

August 11, 2018 4:55 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part during the attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months’ worth of work, which approaches worked and which did not (and why). Notably, our work already had a follow up work at S4x2017, we will share the insights into that work too. Reverse engineering of the physical processes es is a novel topic for which we yet to find workable/standardized approaches. We encourage you to be a part of the process :-)

Speaker Information

Panelist Information

Marina Krotofi

FireEye

Marina Krotofil is an experienced ICS/SCADA professional who specializes on offensive Industrial Control Systems (ICS) security: discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. She previously worked as a Principal Analyst in Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She authored more than 20 academic/white papers and 3 book chapters on ICS security and is a frequent speaker at the leading security events around the world. She holds MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems.

Alexander Winnicki

Silver Atena

Alexander Winnicki is a Security Integrator ICS at Airbus CyberSecurity (Germany). He previously worked as a security engineer at SILVER ATENA Electronics Systems Engineering GmbH (Germany) where he was involved with the embedded systems security. His interest for ICS security has started through Bachelor and Master Theses at Hamburg University of Technology (Germany). Alexander's research contributions were presented at Black Hat and Def Con 2015 as well as published at few top ranking academic conference proceedings.