HITB-Invoice-Logo

thank you for joining us!

Faking at Level 1 – How Digital Twins Save Your PLCs

Date

August 25, 2022

Time

11:30

Track

CommSec Track

Every year, numerous big and small incidents in industrial environments, like power plants, factories, or food supply find their way into newspapers. All those affected industries are backed by highly branched and historically grown Operational Technology (OT) networks.

A big portion of such incidents would have been avoidable, if network segmentation was done correctly and patches for user devices (not always possible in OT) were installed. Despite such known problems, that also lead to compromisation of traditional IT networks, a bunch of unknown vulnerabilities are unfortunately also present in OT infrastructure. OT in modern factories contains of networked (and smart) devices, especially on level 1, also called the control level, of the Purdue model. Devices, like PLCs, industrial router/switches, data diodes, and more are cannot be easily tested if they are in use by the factory.

Therefore, solutions for classification and monitoring from different vendors are in use to not put the running infrastructure at risk. These non-intrusive ways for getting a picture about the running infrastructure only give a partial overview from the vulnerability landscape in the OT network but cannot detect unknown vulnerabilities. Testing of such expensive devices instead of using them is often not desired due to the price, and spare items must be available, which is the reason why those devices can’t be touched too. For this reason, digital twins – in terms of virtualization – from the devices in the factory should be created for pentesting purposes.

This twins can be build with different tools (open source/ closed source) and have been used for identifying 0-days during an ongoing research project. After the creation, the virtual appliances were connected to form a full fletched OT network, to imitate a real industrial environment. Testing those virtual appliances does not harm the real infrastructure, but provides a lot of valuable information about the systems in scope. This was tested in practice during engagements and has been recreated and edited for a talk which also includes vulnerabilities that were discovered during such a test setup.

Speakers

Security Researcher

CyberDanube

Thomas is co-founder and security researcher at CyberDanube in the field of embedded systems, (I)IoT and OT and wrote numerous security advisories in the past. Besides his past employment, he developed an emulation system for firmware in the course of scientific work. In the past, he spoke at conferences like HITB, BlackHat, IT-SECX, HEK.SI and OHM(international).

Other Talks in This Track

LOCATION

CommSec Track

DATE

August 25

TIME

10:30

LOCATION

CommSec Track

DATE

August 25

TIME

11:00

LOCATION

CommSec Track

DATE

August 25

TIME

14:00