[3 … 3] Conference – DeepSec 2022 “Faking at Level 1 – How Digital Twins Save Your PLCs”

3 out of 3 confirmed conference talks in 2022!

Looking back on a successful conference marathon so far. DeepSec was a blast!

DeepSec is a very specialized, technically deep-diving infosec event. CyberDanube had some really good conversations and some in-depth OT and IoT/IIoT discussions regarding our product MEDUSA. We got the chance to meet exciting contacts and opened up some future opportunities.

On top of that, we had the pleasure of talking about one of our main topics, “digital twins out of firmware to support e.g. security assessments”, especially in critical environments on PLCs. Now we are looking back on a successful 2022 and forward to further conferences like this one in 2023.

Read the short interview given in advance of the talk:

DeepSec 2022 Talk: Faking at Level 1 – How Digital Twins Save Your PLCs – Thomas Weber

For those who have not had enough yet … spoiler alert: all talks will be summarized in a book! As soon as it’s available, we’ll share an update on our social media channels.

Talk Content

Every year, numerous big and small incidents in industrial environments, like power plants, factories, or food supply, find their way into the newspapers. All those affected industries are backed by highly branched and historically grown Operational Technology (OT) networks.

A big portion of such incidents would have been avoidable if network segmentation had been done correctly and patches for user devices (not always possible in OT) had been installed. Despite such known problems, which also lead to the compromise of traditional IT networks, a bunch of unknown vulnerabilities are unfortunately also present in OT infrastructure. OT in modern factories consists of networked (and smart) devices, especially on level 1, also called the control level, of the Purdue model. Devices like PLCs, industrial routers/switches, data diodes, and more cannot be easily tested while they are in use by the factory.

Therefore, solutions for classification and monitoring from different vendors are in use so as not to put the running infrastructure at risk. These non-intrusive ways of getting a picture of the running infrastructure only give a partial overview of the vulnerability landscape in the OT network and cannot detect unknown vulnerabilities. Testing such expensive devices instead of using them is often not desired due to their price, and spare items must be available, which is the reason why those devices can’t be touched either. For this reason, digital twins – in terms of virtualization – of the devices in the factory should be created for pentesting purposes.

These twins can be built with different tools (open source/closed source) and have been used for identifying 0-days during an ongoing research project. After their creation, the virtual appliances were connected to form a full-fledged OT network to imitate a real industrial environment. Testing those virtual appliances does not harm the real infrastructure but provides a lot of valuable information about the systems in scope. This was tested in practice during engagements and has been recreated and edited for a talk which also includes vulnerabilities that were discovered during such a test setup.

For all those who would like to see the corresponding slides of the talk(s), follow the link:

https://deepsec.net/docs/Slides/2022/

Couldn't be there?

Watch the recording on Vimeo …