SlideShare a Scribd company logo

[Bucharest] From SCADA to IoT Cyber Security

OWASP EEE, profile picture
OWASP EEE

Bogdan Matache is a cyber security specialist with over 15 years of experience in IT, energy, and industrial control systems. He has penetration tested and hacked several industrial control and IoT systems, including fuel pumps, asphalt stations, cars, drones, and smart home devices. Matache now works as an auditor at EnerSec, focusing on cyber security for the energy sector. He discusses the growth of IoT and risks of attacks against availability, integrity and confidentiality in both SCADA and IoT systems. Matache also outlines common attack types, hardware, software and malware used to target these systems.

Internet
1 of 34
Downloaded 82 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[Bucharest] From SCADA to IoT Cyber Security
from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015
 About ME, Bogdan Matache  Cyber Security Specialist – Military Technical Academy  SCADA Security Specialist – InfoSec Institute  Auditor – ISO 27001 Specializations: Cryptography, Social Engineering, SCADA Pen testing  IT&C – over 15 y  Energy @ OIL Sectors – 10 y  SCADA for Renewable Power Plants – 5 y  Pen testing – OIL Sectors systems – 3 y  Pen testing – Electrical Systems – 3 y
What I hacked ?  Fuel Pump ( I changed densitometers values )
What I hacked ?  Asphalt Station ( I Changed the percentage of bitumen)
What I Pen Tested ?  VoIP Networks  WiMAX BTS  Cars (doors open system, tachometer, gps)  Intelligent House System, Smart Buildings  6 companies in 8 months ( Social Engineering )  PLC’s (programmable logic Controller)  Smart Electricity Meters  Smart Gas Meters  Magnetic & RFID Access Cards  Drones Control System  Etc.
What I do ?  I work as a security auditor at EnerSec, a company specialized in Cyber Security for Energy Sector
Definitions  What is SCADA  What is IoT  What is Security
ICS and SCADA  Industrial Control Systems (ICS) is an umbrella term covering many historically different types of control system such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems). Also known as IACS (Industrial Automation and Control Systems), they are a form of Operational Technology. In practice, media publications often use “SCADA” interchangeably with “ICS”.
SCADA system
Cars  OBD 2 (On-Board Diagnostics)
Airplanes  ADS-B ( Automatic Dependent Surveillance Broadcast )
Ships  AIS ( Automatic Identification System )
Other hackable SCADA systems  Power Plants (Nuclear Plants)  Transportation System ( Train Switch Crossing and Beacons )  Robots in factories  Etc.
ics-cert.us-cert.gov
[Bucharest] From SCADA to IoT Cyber Security
What is IoT ?  The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.
IoT Growth
SCADA vs IoT  More devices  More Systems  More data  More connectivity / access points  More ‘home’ users  Equals - More opportunities
Attacks Types for SCADA  Power System or Water System ( most likely terrorism )  Attacks upon the power system. target – power system itself  Attacks by the power system. target – population ( make dark or rise lever of chlorine )  Attacks through the power system target - ex high voltage for a specific company
Attacks types for IoT  Open doors ( Bluetooth Lockers, hotel rooms)  Unwanted Surveillance (baby monitors or smart TV’s)  Damage things ( Sprinklers, cooling systems )  Pace Maker  GPS ( fleet monitoring )  Burglars ( profile from smart meters, energy consumption)
CIA vs AIC  IT Security confidentiality, integrity, availability  SCADA and IoT availability, integrity, confidentiality
Protocols  For SCADA ( PLC’s) ModBus, DNP3, IEC 60870, IEC61850, Embedded Proprietary, ICCP, UCA 2.0  For IoT Bluetooth low-e, Wi-Fi low-e, NFC, RFID, ANT, Z-Wave, Neul, SigFox, Thread, 6LowPAN, ZigBee, Cellular, LoRA WAN
Software for Hacking SCADA / IoT  Black Arch Linux  Hack Ports  Helix, Kali Linux  Samurai STFU  Security Onion  OSINT  Dedicated software exploits for PLC’s for Siemens, Allen Bradley, Schneider, ABB, etc.
Hardware tools for Pentest  WiFi Pineapple  Rubber Ducky
Hardware tools for Pentesting  Hack RF
 Prox Mark 3 clone RFID Mifare cards Hardware tools for Pentest
Malware example for SCADA / IoT  Stuxnet, Havex, Flame, DragonFly  APT is most dangerous
Critical risk scenarios  RS 01 - disrupting the operation of control systems by delaying or blocking the flow of information through control networks, thereby denying availability of the networks to control system operators;  RS 02 - unauthorized changes to programmed instructions in PLCs, RTUs, or DCS controllers, change alarm thresholds, or issue unauthorized commands to control equipment, which could potentially result in damage to equipment (if tolerances are exceeded), premature shutdown of processes (such as prematurely shutting down transmission lines), or even disabling control equipment;
Critical risk scenarios  RS 03 - send false information to control system operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators;  RS 04 - modify the control system software, producing unpredictable results;  RS 05 - interfere with the operation of safety systems.
Defence / Alerts  ics-cert.us-cert.gov  CERT-ICS.eu
Defence / Intelligence
Security Operation Center
[Bucharest] From SCADA to IoT Cyber Security

More Related Content

PPTX
Rsa Crptosystem
Amlan Patel
 
PPT
Digital Signature.ppt
SABITHARASSISTANTPRO
 
DOCX
Image encryption using aes key expansion
Sreeda Perikamana
 
PDF
IoT in Sports - a concept by Nuwe
Steve Schofield
 
PPTX
wireless communication security PPT, presentation
Nitesh Dubey
 
PPTX
3. M2M and IoT - Technology Fundamentals
Jitendra Tomar
 
PDF
Cloud Cryptography
ijtsrd
 
PDF
IoT Security Challenges and Solutions
Intel® Software
 
Rsa Crptosystem
Amlan Patel
 
Digital Signature.ppt
SABITHARASSISTANTPRO
 
Image encryption using aes key expansion
Sreeda Perikamana
 
IoT in Sports - a concept by Nuwe
Steve Schofield
 
wireless communication security PPT, presentation
Nitesh Dubey
 
3. M2M and IoT - Technology Fundamentals
Jitendra Tomar
 
Cloud Cryptography
ijtsrd
 
IoT Security Challenges and Solutions
Intel® Software
 

What's hot (13)

PPTX
Cloud computing and Cloud security fundamentals
Viresh Suri
 
PDF
eInfochips Corporate PPT - Oct 2014 Rev 1 0
Mahesh Chandra Srivastava
 
PPT
Cryptography
Vicky Kamboj
 
PPTX
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 
PPTX
Quantum Computing in Health-care [Saswat].pptx
SaswatKumarNayak
 
PDF
Cybersecurity Interview Questions Part -2.pdf
Infosec Train
 
PPTX
Insight into SOAR
DNIF
 
PPTX
Anti slip presentation
Aleem Sheikh
 
PPTX
Elgamal digital signature
MDKAWSARAHMEDSAGAR
 
DOCX
What is AES? Advanced Encryption Standards
Faisal Shahzad Khan
 
PPTX
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
TI Safe
 
PDF
Unit1_Introduction to ML_Cross_validation.pdf
RAMESHWAR CHINTAMANI
 
PDF
The journey to ICS - Extended
Larry Vandenaweele
 
Cloud computing and Cloud security fundamentals
Viresh Suri
 
eInfochips Corporate PPT - Oct 2014 Rev 1 0
Mahesh Chandra Srivastava
 
Cryptography
Vicky Kamboj
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 
Quantum Computing in Health-care [Saswat].pptx
SaswatKumarNayak
 
Cybersecurity Interview Questions Part -2.pdf
Infosec Train
 
Insight into SOAR
DNIF
 
Anti slip presentation
Aleem Sheikh
 
Elgamal digital signature
MDKAWSARAHMEDSAGAR
 
What is AES? Advanced Encryption Standards
Faisal Shahzad Khan
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
TI Safe
 
Unit1_Introduction to ML_Cross_validation.pdf
RAMESHWAR CHINTAMANI
 
The journey to ICS - Extended
Larry Vandenaweele
 
Ad

Similar to [Bucharest] From SCADA to IoT Cyber Security (20)

PDF
IoT and IIoT - Security Challenges and Innovative Approaches
Shashi Kiran
 
PPTX
Security Issues in SCADA based Industrial Control Systems
aswanthmrajeev112
 
PDF
Securing SCADA
Jeffrey Wang , P.Eng
 
PDF
Securing SCADA
Jeffrey Wang , P.Eng
 
PPTX
Chapter-2 Internet of Things.pptx
40NehaPagariya
 
PDF
SCADA Systems Vulnerabilities and Blockchain Technology
ijtsrd
 
PPTX
Nozomi Fortinet Accelerate18
Nozomi Networks
 
PPT
Internet Of Things
venkat thangella
 
PDF
Industrial Iot and Legacy Scada system - the solution for future ?
Prescinto Technologies Private Limited
 
PPTX
UNIT 3 _ _ IOT APPLICATIONS USING ARDUINO
eticket4403
 
PPTX
Scada, a PLC's story
Paolo Stagno
 
PDF
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks
 
PPTX
Training manual on scada
bhavuksharma10
 
PDF
IJSRED-V2I2P15
IJSRED
 
PPTX
Scada Industrial Control Systems Penetration Testing
Yehia Elghaly
 
PPTX
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
NiMa Bagheriasl
 
PPS
02 ibm security for smart grids
IBM Italia Web Team
 
PPTX
Io t first(1)
MuhammadAbduArRahman
 
PPTX
Io t of actuating things
Arpan Pal
 
PPTX
scada-130512133852-phpapp01.pptx
surangagw
 
IoT and IIoT - Security Challenges and Innovative Approaches
Shashi Kiran
 
Security Issues in SCADA based Industrial Control Systems
aswanthmrajeev112
 
Securing SCADA
Jeffrey Wang , P.Eng
 
Securing SCADA
Jeffrey Wang , P.Eng
 
Chapter-2 Internet of Things.pptx
40NehaPagariya
 
SCADA Systems Vulnerabilities and Blockchain Technology
ijtsrd
 
Nozomi Fortinet Accelerate18
Nozomi Networks
 
Internet Of Things
venkat thangella
 
Industrial Iot and Legacy Scada system - the solution for future ?
Prescinto Technologies Private Limited
 
UNIT 3 _ _ IOT APPLICATIONS USING ARDUINO
eticket4403
 
Scada, a PLC's story
Paolo Stagno
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks
 
Training manual on scada
bhavuksharma10
 
IJSRED-V2I2P15
IJSRED
 
Scada Industrial Control Systems Penetration Testing
Yehia Elghaly
 
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
NiMa Bagheriasl
 
02 ibm security for smart grids
IBM Italia Web Team
 
Io t first(1)
MuhammadAbduArRahman
 
Io t of actuating things
Arpan Pal
 
scada-130512133852-phpapp01.pptx
surangagw
 
Ad

More from OWASP EEE (20)

PDF
[Austria] ZigBee exploited
OWASP EEE
 
PDF
[Austria] Security by Design
OWASP EEE
 
PPTX
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE
 
PDF
[Poland] It's only about frontend
OWASP EEE
 
PDF
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE
 
PPTX
[Cluj] Turn SSL ON
OWASP EEE
 
PDF
[Cluj] Information Security Through Gamification
OWASP EEE
 
PDF
[Cluj] CSP (Content Security Policy)
OWASP EEE
 
PDF
[Cluj] A distributed - collaborative client certification system
OWASP EEE
 
PDF
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE
 
PDF
[Russia] MySQL OOB injections
OWASP EEE
 
PDF
[Russia] Bugs -> max, time <= T
OWASP EEE
 
PDF
[Russia] Give me a stable input
OWASP EEE
 
PDF
[Russia] Building better product security
OWASP EEE
 
PDF
[Lithuania] I am the cavalry
OWASP EEE
 
PDF
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE
 
PDF
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE
 
PDF
[Lithuania] Introduction to threat modeling
OWASP EEE
 
PPTX
[Hungary] I play Jack of Information Disclosure
OWASP EEE
 
PDF
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE
 
[Austria] ZigBee exploited
OWASP EEE
 
[Austria] Security by Design
OWASP EEE
 
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE
 
[Poland] It's only about frontend
OWASP EEE
 
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE
 
[Cluj] Turn SSL ON
OWASP EEE
 
[Cluj] Information Security Through Gamification
OWASP EEE
 
[Cluj] CSP (Content Security Policy)
OWASP EEE
 
[Cluj] A distributed - collaborative client certification system
OWASP EEE
 
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE
 
[Russia] MySQL OOB injections
OWASP EEE
 
[Russia] Bugs -> max, time <= T
OWASP EEE
 
[Russia] Give me a stable input
OWASP EEE
 
[Russia] Building better product security
OWASP EEE
 
[Lithuania] I am the cavalry
OWASP EEE
 
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE
 
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE
 
[Lithuania] Introduction to threat modeling
OWASP EEE
 
[Hungary] I play Jack of Information Disclosure
OWASP EEE
 
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE
 

Recently uploaded (20)

PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
Internet___Basics___Styled_ presentation
poonam62133
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 

[Bucharest] From SCADA to IoT Cyber Security

  • 2. from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015
  • 3.  About ME, Bogdan Matache  Cyber Security Specialist – Military Technical Academy  SCADA Security Specialist – InfoSec Institute  Auditor – ISO 27001 Specializations: Cryptography, Social Engineering, SCADA Pen testing  IT&C – over 15 y  Energy @ OIL Sectors – 10 y  SCADA for Renewable Power Plants – 5 y  Pen testing – OIL Sectors systems – 3 y  Pen testing – Electrical Systems – 3 y
  • 4. What I hacked ?  Fuel Pump ( I changed densitometers values )
  • 5. What I hacked ?  Asphalt Station ( I Changed the percentage of bitumen)
  • 6. What I Pen Tested ?  VoIP Networks  WiMAX BTS  Cars (doors open system, tachometer, gps)  Intelligent House System, Smart Buildings  6 companies in 8 months ( Social Engineering )  PLC’s (programmable logic Controller)  Smart Electricity Meters  Smart Gas Meters  Magnetic & RFID Access Cards  Drones Control System  Etc.
  • 7. What I do ?  I work as a security auditor at EnerSec, a company specialized in Cyber Security for Energy Sector
  • 8. Definitions  What is SCADA  What is IoT  What is Security
  • 9. ICS and SCADA  Industrial Control Systems (ICS) is an umbrella term covering many historically different types of control system such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems). Also known as IACS (Industrial Automation and Control Systems), they are a form of Operational Technology. In practice, media publications often use “SCADA” interchangeably with “ICS”.
  • 11. Cars  OBD 2 (On-Board Diagnostics)
  • 12. Airplanes  ADS-B ( Automatic Dependent Surveillance Broadcast )
  • 13. Ships  AIS ( Automatic Identification System )
  • 14. Other hackable SCADA systems  Power Plants (Nuclear Plants)  Transportation System ( Train Switch Crossing and Beacons )  Robots in factories  Etc.
  • 17. What is IoT ?  The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.
  • 19. SCADA vs IoT  More devices  More Systems  More data  More connectivity / access points  More ‘home’ users  Equals - More opportunities
  • 20. Attacks Types for SCADA  Power System or Water System ( most likely terrorism )  Attacks upon the power system. target – power system itself  Attacks by the power system. target – population ( make dark or rise lever of chlorine )  Attacks through the power system target - ex high voltage for a specific company
  • 21. Attacks types for IoT  Open doors ( Bluetooth Lockers, hotel rooms)  Unwanted Surveillance (baby monitors or smart TV’s)  Damage things ( Sprinklers, cooling systems )  Pace Maker  GPS ( fleet monitoring )  Burglars ( profile from smart meters, energy consumption)
  • 22. CIA vs AIC  IT Security confidentiality, integrity, availability  SCADA and IoT availability, integrity, confidentiality
  • 23. Protocols  For SCADA ( PLC’s) ModBus, DNP3, IEC 60870, IEC61850, Embedded Proprietary, ICCP, UCA 2.0  For IoT Bluetooth low-e, Wi-Fi low-e, NFC, RFID, ANT, Z-Wave, Neul, SigFox, Thread, 6LowPAN, ZigBee, Cellular, LoRA WAN
  • 24. Software for Hacking SCADA / IoT  Black Arch Linux  Hack Ports  Helix, Kali Linux  Samurai STFU  Security Onion  OSINT  Dedicated software exploits for PLC’s for Siemens, Allen Bradley, Schneider, ABB, etc.
  • 25. Hardware tools for Pentest  WiFi Pineapple  Rubber Ducky
  • 27.  Prox Mark 3 clone RFID Mifare cards Hardware tools for Pentest
  • 28. Malware example for SCADA / IoT  Stuxnet, Havex, Flame, DragonFly  APT is most dangerous
  • 29. Critical risk scenarios  RS 01 - disrupting the operation of control systems by delaying or blocking the flow of information through control networks, thereby denying availability of the networks to control system operators;  RS 02 - unauthorized changes to programmed instructions in PLCs, RTUs, or DCS controllers, change alarm thresholds, or issue unauthorized commands to control equipment, which could potentially result in damage to equipment (if tolerances are exceeded), premature shutdown of processes (such as prematurely shutting down transmission lines), or even disabling control equipment;
  • 30. Critical risk scenarios  RS 03 - send false information to control system operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators;  RS 04 - modify the control system software, producing unpredictable results;  RS 05 - interfere with the operation of safety systems.
  • 31. Defence / Alerts  ics-cert.us-cert.gov  CERT-ICS.eu