Fears of cyber-attacks with catastrophic physical consequences are easily capturing the public imagination. The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action, nobody is going to let one present it at a conference like Hack in the Box.
As a poor substitute, this presentation will get as close as possible using a simulated plant for Vinyl Acetate production to demonstrate a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack.
Most of the talks on SCADA hacking discuss vulnerabilities in protocols and equipment which allow to obtain unauthorized access to industrial processes. However, nobody speaks about what to do with those controls and how to achieve desired physical consequences. An attacker targeting a remote process is not immediately gifted with complete knowledge of the process and the means to manipulate it. In general, an attacker follows a series of stages before getting to the final attack. The talk will take the audience through all stages of cyber-physical attacks covering the tasks to be completed at each stage and non-trivial detours an attacker may have to take to reach her goal.
By the end of the talk the audience will realize that recent “steal everything” APT attacks against various industrial sectors do not gather proprietary information for national libraries but is the first and paramount attack stage in designing targeted cyber-physical attacks. Havex malware on OPC-based communication is first sign that the attackers are already developing targeted SCADA-hacking capabilities. The talk will be given from the attacker (practical implementation of the economic damage attack scenario) and defenders point of view (defense and detection opportunities, hardening of the processes).
