The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region! This year’s conference will have THREE full days of content, and receptions and networking opportunities. You can register for the conference online to hold a spot.
Back To Schedule
Wednesday, April 25 • 9:15am - 10:00am
Hacking Safety Controllers for Fun and Profit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Safety Controllers (Safety Instrumented Systems) have always been considered immune to attacks as last barrier of plant safety, and claimed to be designed to ensure safe and reliable operation for Industrial Control Systems (ICS) and Supervisory Control and DataAcquisition (SCADA) environments. Unfortunately, the recent research and in-the-field experience indicate misplaced confidence (based on SIL) and overall weak security practices since these devices themselves form another attack surface for the determined adversaries.

This presentation discusses vulnerabilities found by Applied Risk research team across various state of the art safety controllers, which are commonly used in industrial environments. Advanced attack vectors will be discussed where attackers could exploit the discovered vulnerabilities to gain control over the device, including connected industrial assets.In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.
Examples will be given for topics including: 
  • From research to exploitation (a la basecamp)
  • Manipulate the safety logic
  • Live Demo

avatar for Gjoko Krstic

Gjoko Krstic

Senior ICS/IIoT Security Researcher, Applied Risk
Gjoko is a Senior ICS/IIoT Security Researcher at Applied Risk in Amsterdam, The Netherlands. He has been active in the “security industry” for almost 14 years. He has experience in many fields in cybersecurity including: penetration testing, malware analysis, vulnerability and... Read More →

Wednesday April 25, 2018 9:15am - 10:00am PDT
Stamford Ballroom