October 2nd, 2020 | Virtual
The SANS Oil & Gas Cybersecurity Summit will bring leading experts together to discuss industry trends, challenges, and opportunities. They’ll address recent attacks and current threats, integrated IT/OT security operations, best practices, and lessons learned to benefit the community.
Presentation by Ron Brash & Bob Bevis:
Raiders of the lost RTUs, Meters, and Valves:
While IoT/IIoT is everywhere in product catalogs today, Oil & Gas is the original Joe for connected embedded things to fulfill specific purposes such as providing telemetry remotely or to monitor the health of a well or pipeline. And like many aspects of industrial systems, it was and still is the Wild West of security, updates (or lack of), and deployments, where it makes little economic sense to upgrade, enforces the fact that producers need to reduce any disruption or security risk for these devices – new or legacy.
With thousands of existing deployments, these devices are often forgotten, and whether for cyber-security or for merely inventory management due to divestment, an effective resource-friendly method is absolutely required to manage these types of systems.
This session walks through several areas (agnostically) with more than 35 years of experience on:
- Discovering technical vulnerabilities/weaknesses and horror-shows buried in these devices
- One approach to successfully enumerate, research, and support candidate devices
- A live demonstration of a hidden surprise with a device obtained from the grey-market
- And how to bring these devices into the fold for inventory/asset management with considerations for cyber-PHAZOPs & vulnerabilities