Seattle, USA – August 12, 2013 – The leading global provider of specialist information security services, today announced that Reid Wightman, a security consultant for the company, will present at Seattle’s embedded device security conference (EDSC) on industrial controller design issues that compromise the security of these devices and threaten the function and safety of the respective facilities where they are used.
Wightman will focus on embedded controllers used in industrial process control and SCADA systems, calling out specific design flaws and detailing new classes of attack that render them highly vulnerable.
The session will include detailing the “Insecure-By-Design” methodology largely ignored by Programmable Logic Controller (PLC) and Remote Terminal Unit (RTU) vendors to date and what must be done to better protect these critical devices going forward.
Details of the presentation:
WHAT: Hacking your Control Systems at Level 2
WHERE: Golden Gardens Park Bathhouse, Seattle, Washington, USA
WHEN: Wednesday August 14, 2013 at 13:30
Wightman is part of a team of leading SCADA security experts at IOActive that provide customized security services for SCADA vendors and asset owners, including reverse engineering, advanced control logic threat modeling, and in-depth control protocol analysis to detect weaknesses and anticipate exploits quickly. IOActive helps advance the security of SCADA vendors’ products by performing white- and black-box assessments on both software and hardware infrastructure to help improve safety and operational integrity at industrial facilities.
About Reid Wightman
As Security Consultant for IOActive, Reid Wightman is a security researcher who is passionate about security at the lowest levels of industrial control systems networks. He was the project leader of Project Basecamp, which showed that many PLCs and RTUs responsible for controlling critical infrastructure lack basic security. He previously worked for an automation system manufacturer as a hardware and firmware security researcher, and in a former life engaged in offensive security research for the US Government.
About Embedded Device Security Conference
EDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.