This presentation combines original research on technical SCADA security challenges faced by organizations which manage critical infrastructure or industrial control systems. The session will identify avenues of attack and explain how critical infrastructures can be compromised. It will also provide mitigation strategies and security controls to secure against exploitation. The session will focus on real world examples of successful and not-so-successful implementations of security controls with SCADA systems. It will conclude with guidance on how control system owners can start implementing additional measures to get to an acceptable level of security. Attendees who are in charge of control system infrastructure will get insight on what worked and what did not for other organizations. Engineers who are in-charge of security for control systems will get a better technical insight of SCADA protocols and components. Attendees who are new to control systems will get an excellent overview of security complexities of control systems.
About Amol Sarwate
As Director of Vulnerability Labs at Qualys, Amol Sarwate heads a worldwide team of security researchers who analyze threat landscape of exploits, vulnerabilities and attacks. Sarwate’s team develops signatures for Qualys’ vulnerability management service. For the last 15 years Amol has developed security products like firewalls and vulnerability scanners at McAfee, Hitachi, i2 and other organizations. He presented his research on Vulnerability Trends, Security Axioms and SCADA security at many conferences, including, RSA, BlackHat, Hacker Halted, nullCon, Hack In Paris, BSides, HSNI and FS/ISAC. He regularly contributes to SANS @RISK and the SANS Top 20.