Brent Shaw is a student at Rhodes University (Grahamstown, South Africa) currently completing a Ph.D in Computer Science. His current research focuses on securing critical infrastructure through the analysis of cyber-security threats Industrial Control Systems, where he is supervised by Prof. Barry Irwin. Brent complete his undergraduate and Master’s degrees at Rhodes, with previous research fields including audio networking, deterministic embedded microcontrollers and low-level network services.
Talk: Securing the Industrial Internet of Things
Industrial Control Systems (ICS) are involved in running everything from waste water treatment to nuclear power stations. These days it is nearly impossible to do anything without someone wanting to connect it to the Internet or control it from their phone. This means that systems that previously only required strong physical security, now face a new wave of threats: hackers, malware and bad network admins.
Unfortunately these devices are costly and sometimes hard to obtain. Luckily, modern Programmable Logic Controllers are evolving to become more similar to computers and sometime worryingly look a lot like home routers. These devices can run firmware and sometimes even fully fledged operating systems, with anything from Windows CE to proprietary real-time operating systems such as Wind River’s VxWorks. Research (and some reverse engineering) into the these devices has shown that it is possible to virtualise industrial hardware, allowing for the creation industrial control networks, where further testing and attack simulations can be conducted.
The ever expanding Internet of Things (IoT) is providing the InfoSec sphere with a wealth of vulnerabilities, exploits, and both privacy and security issues. The public’s adoption of IoT has led to the introduction of smart devices into such a wide range of networks. With modern ICS becoming increasingly interconnected, these smart devices might not only provide new weaknesses in network security, can also be shown to be further used a platforms of attack inside supposedly secure networks.
This talk aims to provide a look at the current state of security in the world of Industrial Automation, and provide an interesting look at the challenges facing security research in a field where it appears that manufacturers’ greatest defense still seems to be security through obscurity.