Hacking Critical Infrastructure: A How-To Guide

[InfoSec News <alerts () infosecnews org>]

http://www.defenseone.com/technology/2015/07/hack-critical-infrastructure/118756/

By Patrick Tucker
Defense One
July 31, 2015

Cyber-aided physical attacks on power plants and the like are a growing 
concern. A pair of experts is set to reveal how to pull them off — and how 
to defend against them.

How easy would it be to pull off a catastrophic cyber attack on, say, a 
nuclear power plant? At next week’s Black Hat and Def Con cybersecurity 
conferences, two security consultants will describe how bits might be used 
to disrupt physical infrastructure.

U.S. Cyber Command officials say this is the threat that most deeply 
concerns them, according to a recent Government Accountability Office 
report. “This is because a cyber-physical incident could result in a loss 
of utility service or the catastrophic destruction of utility 
infrastructure, such as an explosion,” the report said. The most famous 
such attack is the 2010 Stuxnet worm, which damaged centrifuges at Iran’s 
Natanz nuclear enrichment plant. (It’s never been positively attributed to 
anyone, but common suspicion holds that it was the United States, possibly 
with Israel.)

Scheduled to speak at the Las Vegas conferences are Jason Larsen, a 
principal security consultant with the firm IOActive, and Marina Krotofil, 
a security consultant at the European Network for Cyber Security. Larsen 
and Krotofil didn’t necessarily hack power plants to prove the exploits 
work; instead Krotofil has developed a model that can be used to simulate 
power plant attacks. It’s so credible that NIST uses it to find weakness 
in systems.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/