25th USENIX Security Symposium has ended
Back To Schedule
Tuesday, August 9 • 2:00pm - 2:30pm
A Rising Tide: Design Exploits in Industrial Control Systems

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Security is an emergent property. It is the outcome of an interaction between many sub-components and processes. One of the biggest problems of ICS security today is that systems undergo security assessments without recognizing the environment in which they are used. This has led to a situation where many systems have undergone cyber security assessments without addressing the ICS component, leading to a false sense of security. While Industrial Control System (ICS) vulnerability researchers and vendors became quite practiced at finding and fixing implementation bugs, many have minimal experience with design bugs. In the near future, we can expect the attacker community to leverage this weakness, as it did with earlier technologies. Therefore, ICS vendors must begin focusing better on the design of the environment and protocols, and ICS audits must begin now to focus on design. This paper a joint effort of the authors who independently researched design vulnerabilities in ICS with the goal of attracting more attention to ICS-specific design vulnerabilities.

avatar for Marina Krotofil

Marina Krotofil

Lead Security Researcher, Honeywell Industrial Cyber Security Lab
I am a researcher in the area of Industrial Control Systems (ICS) security and critical infrastructures. Specifically I am specializing in cyber-physical security: attacks directed at causing physical impact. I am working on discovering unique attack vectors, design vulnerabilities... Read More →

Tuesday August 9, 2016 2:00pm - 2:30pm PDT
Texas Ballroom 1

Attendees (3)