Researchers Decide Not To Give SCADA Vulnerability Talk

Published: 22/11/2024   Category: security



Last-minute change in plans spurred by Siemens, government officials



A security researcher who was scheduled to present at TakedownCon 2011 in Dallas yesterday decided to withdraw his SCADA vulnerability talk, citing concerns about the possible risk to human life.
Dillon Beresford, security researcher at NSS Labs, pulled his presentation of vulnerabilities and proof-of-concept exploit code at the 11th hour after collaborative discussions with ICS-CERT and Siemens. SCADA vulnerabilities are those that affect systems that support critical infrastructure, such as utilities and water distribution.
"DHS Industrial Control Systems Cyber Emergency Response Team [ICS-CERT] frequently engages with industry partners and members of the cybersecurity community to share actionable vulnerability information and mitigation measures in an effort to better secure our nation's critical infrastructure," the Department of Homeland Security said in a statement.
"In this collaboration, DHS always prioritizes the responsible disclosure of vulnerability information, while concurrently providing actionable solutions and recommendations to better secure our nation's infrastructure," the DHS stated. "This responsible disclosure process does not encourage the release of sensitive vulnerability information without also validating and releasing a solution."
"Considering the repercussion to the world at large and human lives, it is only reasonable that any responsible security organization like EC-Council will accede to a request to withdraw such a presentation from a technical conference like TakedownCon until a suitable solution has been made available to the user community," said Jay Bavisi, president of EC-Council, the organizer of the TakedownCon conference series.
Beresford has been invited to give his talk at the Hacker Halted conference in October, if he considers the vulnerabilities to be rectified.
The description of the presentation, entitled "Chain Reactions--Hacking SCADA," reads: "Combining traditional exploits with industrial control systems allows attackers to weaponize malicious code, as demonstrated with Stuxnet. The attacks against Iran's nuclear facilities were started by a sequence of events that delayed the proliferation of nuclear weapons.
"We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state," the description continues. "We will also present how to write industrial grade malware without having direct access to the target hardware. After all, if physical access was required, what would be the point of hacking into an industrial control system?"
