Attacking an ICS from ‘Inside Out’

Wednesday, March 9, 2016 @ 09:03 AM gHale

A hardened perimeter used to be the way to ensure a secure network, but the new approach works in the opposite direction: from the inside out.

Given that a bad guy, whether external or internal, can break into a network if that is what he or she truly desires, a network needs to be secure at its core and then push security out toward the perimeter.

Joel Langill, operational security professional and founder of, uploaded a demonstration to show a real-world scenario of how an external threat would attack an industrial control system (ICS), using social engineering vectors to gain initial access to the enterprise network and then chained exploits to pivot through the networks, firewalls, and hosts to finally compromise a PLC installed on a “supposedly isolated” network deep within the architecture.

This demonstration is the result of an analysis of vectors used by sophisticated attacks and advanced persistent threats including Stuxnet, Night Dragon, Duqu, and Conficker.

The first part of the demonstration walks you through the actual attack, while the second part discusses security controls a user could apply to create a defense-in-depth solution to stop similar attacks.

The information comes from data collected from several real-world security assessments of ICS networks and those networks that interconnect with the ICS.
