I was audited on the last webcast that I watched, but was able to provide proof in the registration record at SANS and my notes here.
Notes
Hacking started in 1946, when the MIT Tech Model Railroad Club (TMRC) built a model railroad with control systems.Ed's Central Thesis - we are entering the golden age of software hacking to achieve physical impact. Think SCADA, power grids, all of the embedded and attached devices, airplanes, trains, etc. Partially due to the fact that everything is becoming IP addressable. Use Shodan searches to find things connected to the internet. Also, there are web apps everywhere and everything is web enabled.
Air gaps won't work, because they disappear over time. See Stuxnet.
Physical safeguards are becoming increasingly automated or controlled by IP.
Major areas of concern
Power grid, healthcare, and weapons systems (!).CyberCity was built to give people a place to train against cyber attacks on physical controls. It has military backing and simulates commercial, industrial, military, and residential areas.
Why hasn't there been a massive kinetic impact yet?
- Not an effective criminal business model (yet).
- Geo-politics - it isn't in anyone's best interest to cause mayhem (yet)
- Harder than anticipated
No comments:
Post a Comment