back

On the insecure nature of turbine control systems in power generation

A security study of turbine control systems in power generation

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:00:12
Language
English
Abstract
A deep dive into power generation process, industrial solutions and their security implications. Flavoured with vulnerabilities, penetration testing (security assessment) methodology and available remediation approaches.

The research studies a very widespread industrial site throughout the world – power generation plants. Specifically, the heart of power generation – turbines and its DCS – control system managing all operations for powering our TVs and railways, gaming consoles and manufacturing, kettles and surveillance systems. We will share our notes on how those systems are functioning, where they are located network-wise and what security challenges are facing owners of power generation. A series of vulnerabilities will be disclosed along with prioritisation of DCS elements (hosts) and attack vectors. Discussed vulnerabilities are addressed by vendor of one of the most widespread DCS on our planet. During the talk we will focus on methodology how to safely assess your DCS installation, which security issues you should try to address in the first place and how to perform do-it-yourself remediation. Most of the remediation steps are confirmed by vendor which is crucial for industrial owners.

Talk ID
10689
Event:
36c3
Day
2
Room
Dijkstra
Start
11:30 a.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
repdet
@_moradek_
c0rs
Talk Slug & media link
36c3-10689-on_the_insecure_nature_of_turbine_control_systems_in_power_generation

Talk & Speaker speed statistics

Very rough underestimation:
129.3 wpm
745.1 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
129.3 wpm
745.1 spm
systempowersecurityserverthingsapplicationsiemensautomationserviceexampleplantsservicesinsidenetworkfindtalkmethodsystemsclientrmaplantindustrialsoftwareturbineplccontrolrolepublicprocessfilespassworduserissuesjavagenerationcasecalledhugeconfigurationelectricityvulnerabilitiesperformworkremotesppathingfactvulnerabilitylistvendors