October 5, 2015 at 13:40Kaspersky Industrial CTF: time to protect substations, and time to break substations
Enough of pure theorizing about the imperfection of existing systems for protecting critical infrastructure - it is time to move on to the practical part. We suggest picking up checkers and trying to hack into a digital substation. No, not this one. Layout. To be absolutely precise, we propose to take part in CTF-competitions, in the final of which there will be an opportunity to try the existing model of digital substation for strength. But first things first.
Anyone who tried to understand in detail what “critical infrastructure” is, automated process control systems, PLCs, relay protection and automation devices and how industrial safety systems are arranged will confirm that protecting such systems is not easy. Proof of this is the fact that the press is constantly reporting on major technological incidents: one , another , third , and so on. Maybe not all industrial accidents occur due to hackers, but is it not just that they happen?
The main problem with protecting critical infrastructures is that models of industrial objects are not enough to study its effectiveness - it would be nice to have working models of hackers. Preferably on a 1: 1 scale. Fortunately, the topic of industrial cybersecurity has recently become so popular that many organizers of various CTF competitions began to include relevant competitions in their program ( one , two , three examples ). Extremely useful activities. On the one hand, the organizers monitor the progress of conditionally hostile thoughts, on the other hand, participants look for the most hardcore holes, earning valuable prizes and invaluable experience. But experience, as you know, you will not drink.
Since the protection of critical infrastructure is also in our area of interest, we also decided not to stand aside and organize our CTF with a substation and hackers. We invite everyone (and, most importantly, capable) to go through the CTF qualification online and, if they win, to take part in the Kaspersky Industrial CTF practical security competitions, which will be held as part of the ICS Cyber Security Conference: Time to Act.
Our stand, which we propose to try for strength, is a model of a digital substation built in accordance with the IEC 61850 standard , based on:
• industrial switch QSW-2100;
• hardware and software complex Ruggedcom RX 1000 ;
• controllers and terminals of relay protection and automation (RPA) SIEMENS SIPROTEC 4 ;
• GPS time servers;
• SCADA-servers SIEMENS SICAM PAS and SIEMENS Simatic WinCC ;
• various physical equipment connected to relay protection and automation equipment, in particular, models of power lines (power lines).
Tournament participants will be able to try:
• conduct a successful attack (or demonstrate the possibility of carrying it out) on the systems of our stand;
• gain control over the management system;
• disable or disable relay protection and emergency control terminals;
• disable operational locks of the access control controller;
• arrange a short circuit on the power line model (that is, literally “light up” :)
Obviously, the opportunity to play with such equipment is not often available. And therefore - time and number of places are limited: two days and 15 free ottomans, respectively. So only three winning teams of the qualifying round will be able to take them.
To win the qualifying round, the teams need, firstly, to submit applications no later than October 14, before midnight. Secondly, on October 16 at 18:00 Moscow time, to receive tasks and detailed instructions by e-mail (here we will help them a bit - we will send the corresponding links). And, thirdly, upload the results of those tasks that they managed to complete through a special form on the tournament website no later than 48 hours later (that is, October 18 until 18:00). Well, it is also advisable to score more points than the other applicants.
PS
The tournament finals will be held from October 29 to 30 in Imperial Park Hotel & SPA in Moscow. Transfer, accommodation, meals and unrestrained fun will be fully provided by the organizers.
Anyone who tried to understand in detail what “critical infrastructure” is, automated process control systems, PLCs, relay protection and automation devices and how industrial safety systems are arranged will confirm that protecting such systems is not easy. Proof of this is the fact that the press is constantly reporting on major technological incidents: one , another , third , and so on. Maybe not all industrial accidents occur due to hackers, but is it not just that they happen?
The main problem with protecting critical infrastructures is that models of industrial objects are not enough to study its effectiveness - it would be nice to have working models of hackers. Preferably on a 1: 1 scale. Fortunately, the topic of industrial cybersecurity has recently become so popular that many organizers of various CTF competitions began to include relevant competitions in their program ( one , two , three examples ). Extremely useful activities. On the one hand, the organizers monitor the progress of conditionally hostile thoughts, on the other hand, participants look for the most hardcore holes, earning valuable prizes and invaluable experience. But experience, as you know, you will not drink.
Since the protection of critical infrastructure is also in our area of interest, we also decided not to stand aside and organize our CTF with a substation and hackers. We invite everyone (and, most importantly, capable) to go through the CTF qualification online and, if they win, to take part in the Kaspersky Industrial CTF practical security competitions, which will be held as part of the ICS Cyber Security Conference: Time to Act.
Our stand, which we propose to try for strength, is a model of a digital substation built in accordance with the IEC 61850 standard , based on:
• industrial switch QSW-2100;
• hardware and software complex Ruggedcom RX 1000 ;
• controllers and terminals of relay protection and automation (RPA) SIEMENS SIPROTEC 4 ;
• GPS time servers;
• SCADA-servers SIEMENS SICAM PAS and SIEMENS Simatic WinCC ;
• various physical equipment connected to relay protection and automation equipment, in particular, models of power lines (power lines).
Tournament participants will be able to try:
• conduct a successful attack (or demonstrate the possibility of carrying it out) on the systems of our stand;
• gain control over the management system;
• disable or disable relay protection and emergency control terminals;
• disable operational locks of the access control controller;
• arrange a short circuit on the power line model (that is, literally “light up” :)
Obviously, the opportunity to play with such equipment is not often available. And therefore - time and number of places are limited: two days and 15 free ottomans, respectively. So only three winning teams of the qualifying round will be able to take them.
To win the qualifying round, the teams need, firstly, to submit applications no later than October 14, before midnight. Secondly, on October 16 at 18:00 Moscow time, to receive tasks and detailed instructions by e-mail (here we will help them a bit - we will send the corresponding links). And, thirdly, upload the results of those tasks that they managed to complete through a special form on the tournament website no later than 48 hours later (that is, October 18 until 18:00). Well, it is also advisable to score more points than the other applicants.
PS
The tournament finals will be held from October 29 to 30 in Imperial Park Hotel & SPA in Moscow. Transfer, accommodation, meals and unrestrained fun will be fully provided by the organizers.