SCADA & PLC VULNERABILITIES IN CORRECTIONAL FACILITIES
White Paper
Teague Newman
Tiffany Rad, ELCnetworks, LLC
John Strauchs, Strauchs, LLC
7/30/2011
©2011 Newman, Rad, Strauchs

PLC Vulnerabilities in Correctional Facilities
Newman, Rad, Strauchs

Abstract

On Christmas Eve not long ago, a call was made from a prison warden: all of the cells on death row popped open. Not sure how or if it could happen again, the prison warden requested security experts to investigate. Many prisons and jails use SCADA systems with PLCs to open and close doors. As a result of Stuxnet academic research, we have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, we will analyze SCADA systems and PLC vulnerabilities in correctional and government secured facilities while making recommendations for improved security measures.

Biographies

John J. Strauchs, M.A., C.P.P., conducted the security engineering or consulting for more than 114 justice design (police, courts, and corrections) projects in his career, which included 14 federal prisons, 23 state prisons, and 27 city or county jails. He owned and operated a professional engineering firm, Systech Group, Inc., for 23 years and is President of Strauchs, LLC. He was an equity principal in charge of security engineering for Gage-Babcock & Associates and an operations officer with the U.S. Central Intelligence Agency (CIA). His company and work was an inspiration for the 1993 movie, “Sneakers” for which he was the Technical Advisor. He was a presenter at Hackers On Planet Earth (HOPE) in 2008 and DojoCon in 2010 and is a consultant for Recursion Ventures.

Tiffany Strauchs Rad, BS, MBA, JD, is the President of ELCnetworks, LLC., a technology development, law and business consulting firm with offices in Portland, ME and Washington, D.C. Her consulting projects have included business and technology development for start-ups and security consulting for U.S. government agencies. She is also a part-time Adjunct Professor in the co