Security is an applied science. Security properties and secure design are only valid in the context of a particular application or environment. Similarly, hacking techniques and tools are only useful for exploiting a specific type of bug.
In a surprising number of works on SCADA hacking, researchers and hackers ignore the actual physical process – “I hacked into the control system so I won!” The truth is that breaking into the system is not the same as breaking the system. The damage from an attack is limited if the attacker is unable to manipulate the control system in a way that achieves her desired outcome in the physical world. Ignoring the process means missing the most specific and interesting steps of SCADA hacking. This talk will cover:
(i) The role and importance of knowledge about physical processes and control system principles in designing full-fledged SCADA exploits
(ii) Challenges and uncertainties of process exploitation
(iii) Mitigation opportunities for defenders.
We will consider two attack goals and scenarios: manipulating the process to achieve an outcome the attacker desires in the real world, and hiding the real process state from the operator to prevent a response.