Cybersecurity for Critical Infrastructure, or ‘how to break into a nuclear power station for fun & profit’

Dr Richard Gold, Cisco Systems, UK

Cyber Security for Critical Infrastructures such as the power grid, oil & gas pipelines and dams has become a hot topic since the Stuxnet malware attack against the nuclear enrichment centrifuges in Iran. However, due to intrinsic issues with the field of Critical Infrastructure (a.k.a., ICS or SCADA), it is difficult to deploy standard IT security solutions “as is” to these systems. In this talk I discuss the problems associated with deploying effective security processes in Critical Infrastructures, the various types of security holes which these system contain and a step-by-step approach to exploiting a Critical Infrastructure installation. Thinking from the attacker’s perspective allows us to get an insight into how these systems are vulnerable and how a potential attacker might exploit them.