Publication date: May 8, 2018

ICS/SCADA hackers: choose your own adventure at PHDays

Few people realize how much cities depend on industrial control systems. ICS components are found in the most diverse industries, including manufacturing, energy, transportation, and utilities, among many others. They do more than just make production more efficient—they help to control traffic and optimize consumption of water and power. So what would happen if someone suddenly dragged this infrastructure back to the pre-automation age? One could idly speculate, but instead we recommend coming to Positive Hack Days and seeing for yourself. Guests and participants will be invited to try to find ICS/SCADA vulnerabilities and even attack the infrastructure systems of an entire mock city.

The technical zone at PHDays 8 will host the SCADA bugs comeback stand by Gleg, a company specializing in vulnerability research. Stand visitors will be able to compete at SCADA hacking. Over two days, hackers will have free reign of industrial systems made by Wonderware InTouch, iFIX, IGSS, KingView, and IntegraXor, as well as network equipment from Hirschmann and Advantech. Participants' task is simple: to find as many vulnerabilities as possible. Both beginners and experts are welcome. Laptop is required. Results will be announced on May 16 at 2:00 p.m., with fun prizes for the champions.

After the awards ceremony, at 3:00 p.m. the organizers will use several SCADA systems to demonstrate how vendor efforts to fix one mistake can actually cause new issues.

Throughout the entire forum, The Standoff will see teams of attackers, defenders, and security operations centers fighting for control of a virtual city. The battleground will contain the full-fledged digital infrastructure of a large modern metropolis. Participation is restricted to teams that have registered for The Standoff.

During The Standoff, attackers will look for weak spots in the security of real industrial equipment used to control factories, hydroelectric plants, city transport, lighting, oil and gas operations, and more. The scope of damage is limited only by attackers' imagination and the protection systems in place on different network segments.

The mock city includes systems responsible for lighting, heating, air conditioning, video surveillance, residential complexes with building management systems (BMS), smart homes, transport system, IoT devices, railroad, electrical plant and substation, hydroelectric plant, oil refinery, and petroleum storage and transportation. Although the city diorama may resemble a toy, with its miniature trains and tank farms, all of the city's digital infrastructure is the real article.

We also recommend another two stands specially for those interested in ICS/SCADA hacking. The Fizpribor stand will be home to the H@rd Logic Combat contest, which pits participants against solutions used for low-level automation and accident protection for in-development Russian industrial control systems for nuclear energy. Over two days, participants will try their best against ALTLinux and QNX components, as well as algorithmic modules based on hard logic.

The second stand of note is MeterH3cker, with its contest for hacking the smart grid. The contest will last for the duration of the forum and all visitors are welcome to take part.

Get your PHDays tickets now! A two-day ticket costs RUB 14,400 and a one-day ticket costs RUB 9,600.

All news