Jeremy Brown is a Vulnerability Research Engineer at Tenable Network Security. Jeremy's areas of interest include vulnerability research and analysis, exploit development, penetration testing, fuzzing, and reverse engineering.
SCADA systems are just as vulnerable to attack today than they were ten years ago. The lack of security awareness by SCADA software vendors, combined with the rush of hacking these systems, make them very attractive to hackers. The focus of this presentation will be showing the disconnect between industrial control systems and secure programming, examining how some vendors "get it wrong" in regard to SCADA software security.
This presentation has something for security professionals, security researchers, ICS engineers, or anyone concerned about security issues affecting not just this nation, but electronic infrastructure around the world. I will be discussing different vulnerabilities in SCADA software, a real vendor response, other possible ones, as well as demoing a live exploit that is currently being fixed by the vendor.