蘑菇视频

His marching orders were clear鈥攊nfiltrate the programmable logic controller (PLC) that the plant used to control an important piece of manufacturing equipment.

The PLC management ports were protected by a firewall, but the web-enabled system dashboard was not. A flaw in the web app revealed a username and encrypted password, and after some quick decryption assistance from a colleague, this cyber expert was right where he wanted to be鈥攊nside the firewall.

With no additional security in place, the PLC was his. Now, were he so inclined, he could manipulate the equipment that it controlled, potentially causing line disruptions that would bring the plant鈥檚 production grinding to a halt.

Except, in reality, there was no plant, no line, no production. The people, the PLC, and the firewall were real, but everything else was a fiction, created for one of the S4x18 Capture the Flag (CTF) competition鈥檚 48 challenges.聽聽An annual conference focused on cybersecurity for SCADA (supervisory control and data acquisition) and ICS (industrial control systems), S4 brings together industry elites from around the globe. Held in Miami Beach, S4鈥檚 2018 CTF featured teams from as far away as Israel and Japan, and from companies as sizable as Cisco.

There defending 蘑菇视频 Allen鈥檚 S4 2017 CTF victory, Tim Nary, Tom Georgen, Rich Sala, and Ryan Brandt worked around the clock to power through challenge after challenge, including the one described above. Their efforts paid off鈥攂y competition鈥檚 end, they had firmly claimed first place.

With bragging rights on the line, the CTF鈥檚 stakes were high, but they were nothing compared to what 蘑菇视频 Allen鈥檚 world class cyber workforce normally faces from 9 to 5.

鈥溎⒐绞悠� Allen鈥檚 cyber professionals protect operational technology (OT) systems for some truly critical industry and infrastructure,鈥� says Kyle Miller, a 蘑菇视频 Allen OT cybersecurity expert. 鈥淭heir work might help secure a factory that makes life-saving pharmaceuticals or a power plant that keeps the lights on for millions. The stakes don鈥檛 get higher than that.鈥�

At a water treatment plant, the real-life equivalents of the remote terminal units (RTUs), human-machine interfaces (HMIs), and PLCs that Tim, Tom, Rich, and Ryan were infiltrating at S4x18鈥檚 CTF might work together to control and collect data on processes like the measurement and flow of various treatment chemicals. At an oil field, they might do the same for things like pump pressure and pipeline flow.

鈥淲e know what kind of vulnerabilities adversaries like to exploit on these systems because we鈥檝e practiced exploiting those vulnerabilities ourselves,鈥� says Tim, who goes toe-to-toe with cyber criminals on a daily basis as the leader of聽蘑菇视频 Allen DarkLabs鈥� red team.

As critical to operations as they are, you鈥檇 think robust cybersecurity would be standard for OT systems, but the fact is many of them have little to no security at all.

鈥淚t鈥檚 common for facilities to be running on ICS equipment that鈥檚 20 or 30 years old,鈥� says Kyle. 鈥淭hey weren鈥檛 designed with connectivity in mind. Now they鈥檙e being networked and sometimes even made fully internet-accessible with almost no thought given to cybersecurity.鈥�

蘑菇视频 Allen鈥檚 OT cyber teams pair battle-tested cyber experts, like Tim with engineers who have decades of experience designing and running industrial control and SCADA systems in the commercial, federal, defense, and international realms.

With that combined expertise, we can do things like help an oil and gas company use network redundancies to patch real-time ICS components without taking them offline, thereby avoiding safety compromises and production interruptions.

鈥淲e have a really broad portfolio of clients when it comes to industrial cyber services,鈥� Kyle says. 鈥淲e鈥檝e done everything from power plants to oil and gas to water and waste water to hi-tech critical manufacturing.鈥�

Want the peace of mind that comes with having your ICS secured by one of the biggest, most experienced players in industrial cyber?聽Learn more about what our DarkLabs team can offer.