INL Sessions at S4x20

INL had a number of quality submissions for the S4x20 RFP and we accepted two.

Test Effect Payloads (TEP) for ICS Incident Response Resilience with Virginia Wright

In 2010, when Netflix moved their operational systems to the cloud, they developed a pseudo-random mechanism to cause deliberate outages and failures of key system elements to ensure that automated systems for detecting and remediating outages were mature and fully functional. This Chaos Monkey spawned an entire Simian Army designed to ensure system resilience and enable failure response before issues became outages. Through the DARPA RADICS program, Provatech, INL, and other researchers have developed a mechanism for creating controllable failures via Test Effect Payloads (TEPs) for Industrial Control Systems in order to enable an asset owner to tune network and process sensor technology, increase the effectiveness of incident response and remediation, and highlight areas where resilient technology could bring benefit to Operational Technology.

This session will explore what a TEP is and how to create one, and suggest what a systematic system resilience plan using TEPs might look like. We will also discuss how regulated entities might employ TEPs in a compliant resilience strategy.

ICS 0Day Market Analysis with Sarah Freeman

This session tries to answer the question: what is the market for ICS 0days? How much is being paid for what type of vulnerabilities?

At INL, much of Sarah Freeman’s time is spent trying to understand not only the potential impact of cyber events at the technical level, but also the incentives and motivations for organizations to participate in ICS-focused cyber-attacks. At their core, these kinds of analyses tend to be influenced by concepts of sophistication, with the starting assumption being that in most cases, a threat actor is unwilling to burn exclusive, sophisticated capabilities, choosing instead to maintain them as strategic weapons for a future engagement.

However, this assessment fails to acknowledge the robust marketplace for vulnerabilities, enabled by entities such as Zerodium, Vupen, and Absolute Zero-Day, among others. The market trends for zero-days can be used not only to inform threat analysis, but also to provide guidance for critical infrastructure owners and others seeking to prioritize defensive actions within a resource-constrained environment.

This talk will be interesting in light of the $250K ZDI has allocated for Pwn2Own Miami.

And of course we have Zach Tudor, who has only missed one S4 in Miami, on the Closing Panel.