A Rising Tide: Design Exploits in Industrial Control Systems
Alexander Bolshev and Jason Larsen, IOActive, Inc.; Marina Krotofil, Honeywell; Reid Wightman, Digital Bond
Security is an emergent property. It is the outcome of an interaction between many sub-components and processes. One of the biggest problems of ICS security today is that systems undergo security assessments without recognizing the environment in which they are used. This has led to a situation where many systems have undergone cyber security assessments without addressing the ICS component, leading to a false sense of security. While Industrial Control System (ICS) vulnerability researchers and vendors became quite practiced at finding and fixing implementation bugs, many have minimal experience with design bugs. In the near future, we can expect the attacker community to leverage this weakness, as it did with earlier technologies. Therefore, ICS vendors must begin focusing better on the design of the environment and protocols, and ICS audits must begin now to focus on design. This paper is a joint effort of the authors, who independently researched design vulnerabilities in ICS with the goal of attracting more attention to ICS-specific design vulnerabilities.
author = {Alexander Bolshev and Jason Larsen and Marina Krotofil and Reid Wightman},
title = {A Rising Tide: Design Exploits in Industrial Control Systems},
booktitle = {10th USENIX Workshop on Offensive Technologies (WOOT 16)},
year = {2016},
address = {Austin, TX},
url = {https://www.usenix.org/conference/woot16/workshop-program/presentation/bolshev},
publisher = {USENIX Association},
month = aug
}