Inside look at TRITON ICS Malware
Can you imagine what happens when the industrial safety controllers (SIS) at one of the world's largest oil companies are hacked? What if hackers could penetrate, take control of and/or disable all nuclear plants and other critical infrastructure systems? Damage from the 2017 Triton attack could have reached epic proportions as the first malware of its kind to specifically target industrial safety controllers. Yet, as recent discoveries indicate, the world experienced the first-ever "evil twin" attack on both SIS and Industrial Control Systems (ICS) simultaneously. Learn what steps Schneider is taking to avoid escalation to grave consequences from these types of attacks.
Session Detail
If this was just a PLC then maybe we would not have been quite so enthralled. In this case it was a triply redundant safety controller whose entire purpose is to protect people, equipment and the environment from disaster. There is only one reason anyone would want to compromise such a device: to enable serious harm. Yes, you could imagine that a plant shutdown would cause an economic outcome, but if that was the intent, this could have been accomplished with only a few lines of Python script and the elaborate manipulation of processor memory would have been a total waste of time. No, the intent was much more than that. It was a grave one.
This session will discuss the issues and practical solutions to these three intriguing questions:
- What do we need to know about the "Evil Twins" TRITON/TRISIS attack, and why?
- Why do we need to change?
- Lessons Learned & Solutions
Session Objectives
- Bring clarity to the details of this attack
- Highlight the much larger scope behind the Triton/Trisis attack
- Discuss how our industry should move forward from this state
There is much still to be said about the Triton attack, and practitioners in our industry need to be fully aware of these details if they are to be effective in defending against this type of attack in critical infrastructure.