C²S Consulting | Training | OTSec MasterClass #1 - Securing PLCs

Operations Technology Security (OTSec) MasterClass #1

Version: 1.0 | Updated: 31 March 2022

OTSec MasterClass #1: Securing the Bridge between Cyber and Physical Worlds: Cybersecurity for PLCs

Dr David Formby

Abstract: Programmable logic controllers (PLCs) are the vital bridge between the cyber and physical worlds in Industrial Control System (ICS) networks, but they are still being sold insecure by design. Hard-coded key vulnerabilities are unpatchable, passwords are weak or non-existent, and critical control commands are sent using unauthenticated protocols, meaning any adversary on the network can impact the physical process. PLC vendors have known of these flaws for over a decade and still struggle to correct them, leaving the burden of securing them entirely on the operators. This talk explored a range of approaches that operators can take themselves to harden their PLCs without relying on the vendors, including secure PLC coding practices and program anomaly detection.

About the presenter: David is the co-founder and CEO/CTO of Fortiphyd Logic, the most innovative company securing the networks of critical Industrial Control Systems (ICS). He received his Ph.D. from the Georgia Institute of Technology (Georgia Tech), where he focused on developing novel attacks and defences for ICS networks. Formby presents regularly at both academic and industry conferences, including RSAC 2017, where he demonstrated a proof-of-concept ransomware attack on a Programmable Logic Controller (PLC), and Black Hat Arsenal 2018, where he released the Graphical Realism Framework for Industrial Control Simulations (GRFICS), a free virtual ICS network for hands-on training that allows students to practice exploiting common ICS vulnerabilities and vividly see the physical impact in the visualisation of the process.


Copyright © 2024 Diarmuid O'Briain