In this talk, we surveyed firsthand many real ICS and SCADA systems, performing penetration testing on several of them. We counted the attack vectors present in this real ICS environment. In our presentation, we will share serveral real-world ICS and SCADA examples on Critical Manufacturing. We will also give a behind-the-scenes view (starting with real-world ICS security assessment) based on different ICS/SCADA systems in several CI sectors. Finally, we will provide serveral sample attack demos. We recreated these in our lab to demonstrate the attacks against real-world ICS equipment in-depth. We will also review 6 common defense strategies to help secure an ICS environment. We believe that such an analysis will help the enhancement of subsequent defense strategies.

Nowadays heating, ventilation, and air conditioning (HVAC) system are indispensable in many places, such as hospitals, factories, office buildings and even in residentials. Most of HVAC systems have a Human Machine Interface (HMI) and can be easily managed remotely. While convenience is improved, the security of HVAC control systems is often neglected.

This time, we have investigated popular HVAC control systems that have web-accessible HMIs. During our research, some products were found to be vulnerable to attacks such as credentials disclosure and privilege escalation. Furthermore, many of them could be found on the Internet. Since HVAC control systems are usually connected to other building systems and facility equipment, if HVAC control system is taken over, other systems would be attacked easily. In this session, we will introduce possible attack scenarios and how to mitigate these attacks.