[2 … 3] Conference – ITSecX “Faking at Level 1 – How Digital Twins Save Your PLCs”

2 out of 3 confirmed conference talks for 2022, this time at ITSecX. On the 7th of October, the well-known Austrian cyber security conference IT-Security Community Exchange (IT-SECX) took place at the St. Pölten University of Applied Sciences!

This year's main theme was “Cyber Defense”, with the keynote “The Law, Policy and Diplomacy of Critical Infrastructure Protection”. Critical infrastructure protection goes hand in hand with OT, and with the use of digital twins in particular: we are able to help outsource the emulation of critical environments so that security can be tested in depth, and to ease the way to the firmware for pentesters. CyberDanube therefore took part with another talk by Thomas Weber.
Our talk, titled “Faking at Level 1 – How Digital Twins Save Your PLCs”, was the perfect match to expand on the requirements and possibilities regarding embedded security in critical infrastructure.

For those who couldn’t make it there, follow the link and watch the talk on YouTube.

Talk Content

Every year, numerous big and small incidents in industrial environments, like power plants, factories, or food supply, find their way into newspapers. All the affected industries are backed by highly branched and historically grown Operational Technology (OT) networks.

A large portion of such incidents would have been avoidable if network segmentation had been done correctly and patches for user devices (not always possible in OT) had been installed. Besides such known problems, which also lead to the compromise of traditional IT networks, a number of unknown vulnerabilities are unfortunately also present in OT infrastructure. OT in modern factories consists of networked (and smart) devices, especially on level 1 of the Purdue model, also called the control level. Devices like PLCs, industrial routers/switches, data diodes, and more cannot be easily tested while they are in use by the factory.

Therefore, classification and monitoring solutions from different vendors are used so as not to put the running infrastructure at risk. These non-intrusive ways of getting a picture of the running infrastructure give only a partial overview of the vulnerability landscape in the OT network and cannot detect unknown vulnerabilities. Testing such expensive devices instead of using them is often not desired due to the price, and spare items must remain available, which is why those devices can’t be touched either. For this reason, digital twins (in the sense of virtualization) of the devices in the factory should be created for pentesting purposes.

These twins can be built with different tools (open source/closed source) and have been used to identify 0-days during an ongoing research project. After their creation, the virtual appliances were connected to form a full-fledged OT network that imitates a real industrial environment. Testing those virtual appliances does not harm the real infrastructure but provides a lot of valuable information about the systems in scope. This was tested in practice during engagements and has been recreated and edited for a talk, which also includes vulnerabilities that were discovered during such a test setup.

For more information, download the lectures and/or watch the recording on YouTube.

https://itsecx.fhstp.ac.at/archiv/it-secx-2022/vortraege

Couldn't be there?

For all those who could not make it live, you can watch the recording on YouTube.