Researchers Decide Not To Give SCADA Vulnerability Talk

Last-minute change in plans spurred by Siemens, government officials

A security researcher who was scheduled to present at TakedownCon 2011 in Dallas yesterday decided to withdraw his SCADA vulnerability talk, citing concerns about the possible risk to human life.
Dillon Beresford, security researcher at NSS Labs, pulled his presentation of vulnerabilities and proof-of-concept exploit code at the 11th hour after collaborative discussions with ICS-CERT and Siemens. SCADA vulnerabilities are those that affect systems that support critical infrastructure, such as utilities and water distribution.
DHS Industrial Control Systems Cyber Emergency Response Team [ICS-CERT] frequently engages with industry partners and members of the cybersecurity community to share actionable vulnerability information and mitigation measures in an effort to better secure our nations critical infrastructure, the Department of Homeland Security said in a statement.
In this collaboration, DHS always prioritizes the responsible disclosure of vulnerability information, while concurrently providing actionable solutions and recommendations to better secure our nations infrastructure, the DHS stated. This responsible disclosure process does not encourage the release of sensitive vulnerability information without also validating and releasing a solution.
Considering the repercussion to the world at large and human lives, it is only reasonable that any responsible security organization like EC-Council will accede to a request to withdraw such a presentation from a technical conference like TakedownCon until a suitable solution has been made available to the user community, said Jay Bavisi, president of EC-Council, the organizer of the TakedownCon conference series.
Beresford has been invited to give his talk at the Hacker Halted conference in October, if he considers the vulnerabilities to be rectified.
The description of the presentation, entitled Chain Reactions--Hacking SCADA, reads: Combining traditional exploits with industrial control systems allows attackers to weaponize malicious code, as demonstrated with Stuxnet. The attacks against Irans nuclear facilities were started by a sequence of events that delayed the proliferation of nuclear weapons.
We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state, the description continues. We will also present how to write industrial grade malware without having direct access to the target hardware. After all, if physical access was required, what would be the point of hacking into an industrial control system?
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Researchers Decide Not To Give SCADA Vulnerability Talk