Henry Dalziel | Hacker Hotshots, Information Security Careers, Latest InfoSec News, SCADA News and Training | April 9, 2013
We at Concise Courses have gotten our teeth sunk into the world of SCADA. We have reported on SCADA conferences in the past, in fact there was one here in our home town of Miami at the start of the year (SCADA Security Scientific Symposium).
Anyways – we just wanted to let everyone know about two great SCADA training events we have coming up.
First off, April 16th, we have Justin Searle presenting: “Pentesting Smart Grid Web Apps” and then Marcelo Branquinho May 21st giving a live demo of how a hacker can create a SCADA Malware Infection In 2 Simple Steps and use a USB flash drive as a delivery mechanism. Both of these events are going to be amazing.
Justin, our welcome guest on our Hacker Hotshots web show, has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR) and frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and of course the Concise Courses Hacker Hotshots web show! Seriously though – Justin is a very well known SCADA personality, so take advantage and join us. The show as always will be recorded and kept on the same URL.
Marcello recently spoke at RSA 2013 and is also a highly recognized and respected SCADA expert. So, again, if security and SCADA systems are your thing – then get involved!
There has been a lot of press this year regarding SCADA – mostly fueled as a result of Stuxnet. Our research into the subject has unearthed an uncomfortable truth that a significant proportion of SCADA systems reachable from the Internet are secured by dangerously weak default passwords. For those that have no idea what we are talking about, SCADA systems essentially run power plants and for example are responsible for controlling utilities, managing the distribution of hazardous chemicals and helping monitor water treatment plants etc. The survey we refer to was commissioned by the US Department of Homeland Security. The department interviewed 600 SCADA experts and professionals working in the field and one of their primary conclusions was that most SCADA systems are in urgent need of stronger protection.
The press and public seem to prefer to listen to corporate hacks (and perhaps rightly so because it’s more interesting) and famous celebrities Twitter accounts being hacked, but the real and imminent danger in our opinion are SCADA attacks and hacks. Hopefully our training will help those already working in the space or act as a source of interest to further a career in this security niche.