Understanding and Mitigating Risk of Internet-connected Industrial Systems

Stage 2

The accelerated rate of Internet-enabled devices has opened opportunities across most industry sectors by improving operational efficiency, enabling proactive maintenance, incorporating remote support, and facilitating global view of data. It has also opened a potential attack surface that now puts the world’s threats at your front gate. Are you gates locked, and if they are, are the locks strong enough?

Risk management forms the foundation for both cyber security and resilience. Risk is not only measured in terms of the likelihood and impact a threat poses to a particular asset, but also the attractiveness of this asset to the adversary.

During this brief, Mr. Langill will walk the audience through an actual field assessment of a site that was intentionally connected to public infrastructure but yielded unintentional consequences. He will discuss how this site was discoverable through open-source methods. Data collected during remediation will be reviewed and how a simple, effective tool was used to quickly identify network activity and the resulting risk introduced from the improperly secured connection. He will discuss the solution that was deployed and how the site effectively became “invisible” to the Internet while still providing the requisite remote access for monitoring and engineering support.

Tools Discussed:   Shodan, Censys, tcpdump, Network Miner, Grass Marlin, Wireshark, Suricata, Splunk, mGuard (by Phoenix Contact), pfSense

Detection & Response