Seattle, USA ― September 13, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, today announced that Lucas Apa and Carlos Penagos, world authorities on Industrial Control Systems (ICS), will be presenting their acclaimed research titled ‘Compromising Industrial Facilities From 40 Miles Away’. For the first time to a public audience, the researchers will be demonstrating the vulnerabilities and attack vectors they uncovered. The presentation will be given at the 9th annual EnergySec Security Summit, being held in Denver, Colorado.
Having uncovered multiple critical vulnerabilities in wireless technologies used extensively in the ICS world, and having had recent experience assessing the security of next generation deep sea oil platforms, Lucas and Carlos will reveal in their presentation the dangers of employing poorly implemented and vulnerable communication technologies in facilities that include inherently high profile targets for terrorists, where the price of an attack can be catastrophic. Utilities and asset managers attending the event will be able to understand and appreciate what they can do to mitigate and protect against this new class of threat.
While moderate technological advancements have been made to ICS in order to improve plant efficiencies, reduce operating costs and increase remote functionality, the security risks presented by these systems have increased exponentially.
Many ICS and Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities were designed and installed when cyber-attacks were not a prevalent threat, so unsecured network protocols did not present the same dangers as they do today. While most manufacturers and government entities now understand the vulnerabilities of these systems, they are extremely difficult and expensive to repair. There is no convenient or cost-effective means for the widespread distribution and installation of these critical security fixes.
IOActive has one of the largest professional teams of information security researchers working with ICS-CERT in the world. In addition to identifying critical vulnerabilities and threats to power system facilities, the company is working with control system manufacturers and businesses with industrial facilities directly – proactively detecting weaknesses and anticipating exploits in order to improve the safety and operational integrity of technologies that have the potential for massive economic and sociological impact when compromised.
Details of the presentation:
WHAT: Compromising Industrial Facilities From 40 Miles Away
WHERE: Magnolia Hotel, Denver, Colorado, USA
WHEN: Wednesday September 18, 2013 at 09:30am
About EnergySec Security Summit
For more than eight years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on cyber security. Professionals from the energy/utility sector, regulatory and policy, government security, information security solutions firms, technology and standards organizations, AMI suppliers, communication & networking suppliers and more – all attend this conference.
About Lucas Apa
Lucas Apa is a security researcher and consultant at IOActive. His main interests are vulnerability exploitation techniques, embedded reverse engineering, kernel vulnerability research and cryptography. Focused on offensive security, he publicly discovered critical vulnerabilities in Windows, Siemens access controls and Apache projects. His work has been presented at world-renowned conferences including Black Hat, Black Hat Europe, Ekoparty and SecTor. He provides comprehensive security services working with the majority of Global 500 companies including power and utility, game, hardware, financial, media, retail, aerospace, healthcare, high-tech, social networking, and software development organizations. Lucas is also currently finishing a degree in Computer Engineering.
About Carlos Mario Penagos
Carlos Penagos is a senior security researcher and consultant for IOActive. He has worked around the world doing consulting and security trainings. His main areas of expertise are exploitation, reverse engineering, bug hunting and cryptography. Carlos holds a Bachelor’s degree in Computer Science and has been awarded science merit honours for his graduation thesis. In his free time he has disclosed several vulnerability advisories to US-CERT, ICS-CERT and CN-CERT for the world’s most used SCADA/HMI. He also likes coding theory, number theory and ECC.
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.