The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Lets face it, after such elite hacking action nobody is going to let you present it at a conference like Black Hat. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack.
Picking up a paper these days its easy to find an article on all the SCADA insecurity out there associated with an unstoppable attacker with unsophisticated goal of kicking up another apocalypse. Sorry to disappoint excited crowd but formula Your wish is my command does not work for control systems. The target plant may not have been designed in a hacker friendly way. Hopefully by the end of the presentation, the audience will understand the difference between breaking into the system and breaking the system, obtaining control and being in control. An attacker targeting a remote process is not immediately gifted with complete knowledge of the process and the means to manipulate it. In general, an attacker follows a series of stages before getting to the final attack. Designing an attack scenario is a matter of art as much as economic consideration. The cost of attack can quickly exceed damage worth. Also, the attacker has to find the way to compare between competing attack scenarios.In traditional IT hacking, a goal is to go undetected. In OT (operational technologies) hacking this is not an option. An attack will change things in the real world that cannot be removed by simply erasing the log files. If a piece of equipment is damaged or if a plant suddenly becomes less profitable, it will be investigated. The attacker has to create forensic footprint for investigators by manipulating the process and the logs in such a way that the analysts draw the wrong conclusions.Exploiting physical process is an exotic and hard to develop skill which have so far kept a high barrier to entry. Therefore, real-world control system exploitation has remained in the hands of a few. To help the community mastering new skills we have developed 'Damn Vulnerable Chemical Process" - first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking.
Marina Krotofil is a Senior Security Consultant at the European Network for Cyber Security. Most recently, she completed her doctoral degree research in ICS security at Hamburg University of Technology, Germany (final thesis is in progress). Her research over the last few years has been focused on the design and implementation of cyber-physical attacks aiming at both physical and economic damage. She uses her destructive knowledge for designing process-aware defensive solutions and risk assessment approaches. During her PhD, she collaborated with several industrial partners, participated in EU projects, and collaborated with cool dudes from the hacking community. She is the author of the Damn Vulnerable Chemical Process framework - an open-source platform for cyber-physical security experimentation based on the realistic models of chemical plants. Overall, she has written more than a dozen of papers on the on cyber-physical exploitation. She gives workshops on cyber-physical exploitation and is a frequent speaker at the leading ICS security venues around the world. She holds a MBA in Technology Management, MSc in Telecommunications, MSc in Information and Communication Systems.