Hacking Chemical Plants for Competition and Extortion

Explore a comprehensive analysis of cyber-physical attacks on industrial control systems in this conference talk from the Hack In The Box Security Conference. Delve into the intricacies of hacking chemical plants for competition and extortion, following a simulated Vinyl Acetate production plant attack scenario. Learn about the stages of cyber-physical attacks, from initial reconnaissance to final execution, and understand the challenges attackers face in manipulating industrial processes. Gain insights into the potential economic damage of such attacks and their implications for manufacturers and extortionists. Examine the intersection of IT and OT security, including vulnerabilities in SCADA systems, PLC internals, and process control automation. Discover defense strategies, detection opportunities, and process hardening techniques from both attacker and defender perspectives. Understand the significance of recent APT attacks and malware like Havex in the context of targeted SCADA-hacking capabilities. Benefit from the speaker's extensive experience in ICS security, including hands-on demonstrations using the Damn Vulnerable Chemical Process framework.

Intro
Industrial Control Systems aka SCADA
Cyber-physical systems
Cyber-physical hack
Control equipment vulnerabilities
ICS-CERT recommendation
TCP/IP based communication
Hear is the plant. What is the plan?
Timing of the DoS attack
Impact evaluation
Process control automation
PLC Internals
Control logic
Interlocks
PID control
Time constants
Process control vulnerability
PLC cannot do it alone
Operator is not almighty
Why to attack ICS
Attack payload
What can be done to the process
Attack considerations
Production damage attack
Plants for sale
Hacking Chemical Plant for Competition & Extortion
Stages of SCADA attack
Traditional IT hacking
Modern IT hacking
Know the equipment
Process discovery
Espionage
Max economic damage?
Understanding control structure
Control loop configuration
Understanding points and logic
Physics of process control
Process interdependencies
Understanding process response
Control loop ringing
Process control challenges
Types of attacks
Outcome of the control stage
Alarm propagation
Fingerprints of plant dynamic behavior
How to break things?
Catalyst killers
Hacker unfriendly process
Measuring the process
Technician vs. engineer
Technician answer
Quest for engineering answer
Outcome of the damage stage
Creating forensics footprint
Defeating chemical forensics
Data synchronization and processing