Welcome to the interactive agenda for SecurityWeek’s 2019 ICS Cyber Security Conference. Sessions are being finalized and the final program will include 4 FULL DAYS of content.
Monday, October 21 • 9:45am - 10:30am
Social Engineering and Critical Facilities – Attack Methods and Prevention Techniques

Social engineering is a primary method for obtaining unauthorized access to secure environments. Most attacks against critical infrastructure rely on some form of social engineering, such as email phishing, vishing, and various other techniques.

Control systems in many critical facilities are isolated from the Internet (air-gapped). This provides a false sense of security, as it is common to exploit the human factor to “bridge the gap”. Even for “connected” facilities, it is often much easier to gain access using social engineering techniques than traditional hacking methods. Additionally, many control systems are not configured for proper role-based access control, with the worst offenders sharing credentials across many users with largely open permission sets. This widens the attack surface substantially and proves very helpful to the human hacker. At the other extreme, it is also possible to have a single individual responsible for all the actions in the control system. Even for the most trusted employee, this makes them a target for an Advanced Persistent Threat (APT).

In this talk, we will discuss social engineering and related attack methods with a special focus on critical facilities, SCADA systems, Operational Technology (OT) networks, vulnerabilities, and challenges. We will cover an end-to-end scenario, including target identification and reconnaissance via Open-Source Intelligence (OSINT), attack methods, and useful devices (with demos), with the ultimate goal of illustrating how some attackers gain access to some of the most secure environments. Prevention strategies to avoid these attacks will then be discussed.

There are many approaches to preventing social engineering attacks on corporate environments (IT networks). These range from advanced email filtering appliances and voice recognition software to rapid credential rotation services with multi-factor authentication. Many of these technical solutions work well for IT networks, but many will pose challenges for their OT network counterparts. For instance, a security appliance should not be configured to heuristically deny traffic in a control system (for safety reasons).

OT networks are fundamentally different from IT networks, and efforts to prevent attacks on these systems must consider their unique attributes. These attributes include the ability to require the “two-man rule” and “control escalation”, where two people must be involved for a control action to take place (thus making it twice as difficult for the social engineer). Two-factor authentication is becoming more common in SCADA deployments (but remains disabled for various reasons).

This discussion will start with the basics and then quickly progress to more advanced techniques. Is your air-gapped environment secure? Attend this session to get assessment and prevention tips so that you can decide for yourself.

Chad Lloyd

Security Architect, Schneider Electric
Chad Lloyd is a security architect and Senior Fellow with Schneider Electric. Chad has multiple certifications including CISSP (Certified Information Systems Security Professional) and CEH (Certified Ethical Hacker). Chad obtained his M.S. in Computer Science and his M.S. in Computer...

Monday October 21, 2019 9:45am - 10:30am EDT
Windsor DE