Back to Home

Kaspersky Industrial CTF 2017: seven hours to cut down a plant / Kaspersky Lab's blog

ctf · asu tp · industrial safety · kics

Kaspersky Industrial CTF 2017: seven hours to cut down the plant



    At the GeekPWN conference in Shanghai, we held the finals of the Kaspersky Industrial CTF 2017 industrial cyber security competition. Almost 700 teams took part in the qualifying round. Mostly these were students from different countries studying information technology in general and cybersecurity in particular. Three teams reached the final: CyKor (South Korea), TokyoWesterns (Japan), Flappy Pig (China).

    Our experts have built for the competition a model of a real oil refinery (which one is not important). The model uses the same PLC controllers that control the pressure in the tanks and control the volumes of liquids pumped by the pumps in a real plant. The connection diagram is also taken from reality. Plus we built a 110/10 kV step-down substation model on standard ABB and Siemens controllers.




    As you know, now they use mostly “smart” controllers connected to a local technological network. But this network, as a rule, has a connection with the outside world for remote management and monitoring. For example, with a local factory management network or energy company. And they, in turn, have access to the Internet.

    So potentially the finalists of our CTF could gain access to the controllers and physically disable the equipment. For example, to organize a short circuit at the substation, which would lead to a blackout of the plant and would result in enormous losses for its owners. Or turn off the heat and pressure protection systems at the plant itself, which would result in an explosion. For clarity, a pyro cartridge was laid in our layout.



    The factory model was also equipped with a corporate network model. To solve the problems, participants had to access it, increase their rights and find vulnerabilities in several running services. Vulnerabilities were recreated by our ICS CERT team specifically for these competitions based on previous research.

    This type of competition not only shows which team is better, but also demonstrates the importance of properly configuring networks, and also helps to identify vulnerabilities in specific systems.

    All actions of teams in the industrial network were monitored by our Kaspersky Industrial CyberSecurity solution and displayed on one of the screens available to viewers.



    The team from South Korea won, coming forward at the very beginning and leading throughout the competition. True, she won on points. In the seven hours allotted to the hacking teams, none of the teams were able to solve the main task of CTF - to break into the technological network of the enterprise model. But, according to our experts, the winners did not have enough of 10-15 minutes. Real attackers are unlikely to have strict time limits.



    The next competition will be held in 2018, the announcement, as always, can be found here.

    Read Next