Henry Dalziel | Hacker Hotshots, Information Security Careers, SCADA News and Training | April 18, 2013
We had a brilliant Hacker Hotshot with Justin Searle, one of the best known personalities within the SCADA security scene. His presentation: “Pentesting Smart Grid Web Apps” was delivered in a professional and concise manner – in fact, it was really one of the best events we have had. One of the reasons it was so good was because Justin explained things in a really clear manner especially because SCADA and ICS can be a little tricky, especially for those new to the field.
For those that missed the event, or if you just arrived at this page form a search, here is a summary of the questions that were asked at the end Q&A segment of the show:
1. There is clearly a serious impact when someone hacks into a SCADA network and causes mischief. How do you convey urgency in this space? Obviously its apparent to you but do you feel that the automation security managers and decision makers in the various verticals are taking SCADA security seriously? How do you get them to take action?
2. Do you feel that all verticals are treating this with the same degree of respect. You mentioned utilities and oil and gas; I’d assume that they are at the forefront. Are there any other areas that you feel might need to pick it up a little bit and create more urgency?
3. How important is social engineering with regards to SCADA attacks?
4. In your recommendations when you are talking to your clients, do you have social engineering training as a component of the solution?
5. I’m a network engineer and am moving into security. SCADA interests me, what advice can you give me to get into the field? What training would you recommend?
6. How did you get involved in SCADA and how did you develop your expertise?
Quick reminder! We have another amazing SCADA training event coming up May 21st titled: Warning: Hackers Can Destroy Your Automation Plant – SCADA Malware Infection In 2 Simple Steps. This will be a live demo on May 21st at 12pm EST and during the 15-minute demonstration you will see how easily a hacker can create a payload with Metasploit 4.0 and infect a SCADA supervision station using a USB stick.