[Presentation from SecurityWeek’s 2017 Singapore ICS Cyber Security Conference]
Operations managers need to be 100% certain that their PLCs’ software is shielded from unauthorized modifications, to assure that operational processes go uninterrupted.
This session demonstrates how PLC software can be modified without operators being aware, and outline the potential impact on ongoing ICS processes. An attack demo shows how to simulate an engineering workstation operation to change the firmware of the PLC while keeping the communication with the SCADA system intact.
Various defense methods to protect PLCs against such attacks are presented, including embedded end-point protection mechanisms, proxy application firewalls and periodic configuration validation.
Presenter: Ilan Barda – CEO, Radiflow