Mark.bristow at 00:59, 12 March 2012

2012-03-12T00:59:18Z

Mark.bristow: Created page with "{{:OWASP AppSec DC 2012 Header}} NOTOC == The Presentation == rightAre industrial systems airgapped?
Some are, s..."

2012-03-02T20:51:39Z

Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightAre industrial systems airgapped?<br>Some are, s..."

New page

<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude>
__NOTOC__
== The Presentation ==
[[Image:Owasp_logo_normal.jpg|right]]Are industrial systems airgapped?<br>Some are, some aren't. Unfortunately, enough of them aren't...to suggest bigger questions. Shodan has provided us with over 10,000 proofs of ICS connectivty, and visualization is the key to this story. More importantly, this data was provided to ICS-CERT to help mitigate such exposure. That data was in turn shared globally with other CERTS and CSIRTS, and the lessons are still being learned.<br>It's time to re-examine the fantasy of the airgap, and think of ways to do vulnerability and exposure management in vendor and owner agnostic ways. More importantly, how do you do vulnerability management at a national or international scale?<br>This is not a story of 'I found a couple scary things in SHODAN'. This is a theory of the underlying cause for being able to find THOUSANDS of ICS devices and logins on the open internet. Complete with open source eye-candy!
== The Speakers ==
Eireann Leverett
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

@@ Line 2: / Line 2: @@
 __NOTOC__
 == The Presentation  ==
-[[Image:Owasp_logo_normal.jpg|right]]Are industrial systems airgapped?<br>Some are, some aren't. Unfortunately, enough of them aren't...to suggest bigger questions. Shodan has provided us with over 10,000 proofs of ICS connectivty, and visualization is the key to this story. More importantly, this data was provided to ICS-CERT to help mitigate such exposure. That data was in turn shared globally with other CERTS and CSIRTS, and the lessons are still being learned.<br>It's time to re-examine the fantasy of the airgap, and think of ways to do vulnerability and exposure management in vendor and owner agnostic ways. More importantly, how do you do vulnerability management at a national or international scale?<br>This is not a story of 'I found a couple scary things in SHODAN'. This is a theory of the underlying cause for being able to find THOUSANDS of ICS devices and logins on the open internet. Complete with open source eye-candy!
+Are industrial systems airgapped?<br>Some are, some aren't. Unfortunately, enough of them aren't...to suggest bigger questions. Shodan has provided us with over 10,000 proofs of ICS connectivty, and visualization is the key to this story. More importantly, this data was provided to ICS-CERT to help mitigate such exposure. That data was in turn shared globally with other CERTS and CSIRTS, and the lessons are still being learned.<br>It's time to re-examine the fantasy of the airgap, and think of ways to do vulnerability and exposure management in vendor and owner agnostic ways. More importantly, how do you do vulnerability management at a national or international scale?<br>This is not a story of 'I found a couple scary things in SHODAN'. This is a theory of the underlying cause for being able to find THOUSANDS of ICS devices and logins on the open internet. Complete with open source eye-candy!
 == The Speakers  ==
-Eireann Leverett
+<table>
 <noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

OWASP AppSec DC 2012/Denial of Surface - Revision history

Mark.bristow at 00:59, 12 March 2012

Mark.bristow: Created page with "{{:OWASP AppSec DC 2012 Header}} __NOTOC__ == The Presentation == rightAre industrial systems airgapped?Some are, s..."

Mark.bristow: Created page with "{{:OWASP AppSec DC 2012 Header}} NOTOC == The Presentation == rightAre industrial systems airgapped?
Some are, s..."