IoT, Embedded Systems & ICS/SCADA Threats

  • Limited hardware.

  • Designed without security best practices.

  • No admin interfaces.

  • Embedded OS

    • Computers designed for a single function

    • Static systems

    • SoC – System on a chip

    • RToS – Real-Time Operating System

    • FPGA – Field programmable gate arrays

  • Building Automation Systems (BAS)

    • Enterprise-level “smart home”

    • Security overlooked

    • PAC – Physical Access Control

  • Vehicles and Drones

    • From entertainment systems to self driving cars

    • ECU – Electronic Control Unit

    • CAN – Controller Area Network (Bus)

    • OBD interface

  • Industrial Control Systems (ICS)

    • Automating control machinery, managing critical infrastructure: power, health, nuclear, communications, water, etc

    • ICS vs DCS (Distributed Control System)

    • PLCs connected by Fieldbus or Ethernet

  • Supervisory Control and Data Acquisition (SCADA)

    • A SCADA system controls large scan ISCes, with multiples sites

    • Separate network, air gapped

    • Security?

      • No updates

      • Monitor all links

      • Web Apps

      • Legacy PC operating systems

      • Physical security: USB, CD-ROMs

      • Dedicated SCADA security systems & data diodes

  • Modbus

    • ICS protocol

    • Updates configurations on PLCs

PreviousBlackholes and SinkholesNextLog Analysis & Continuous Security Monitoring

Last updated