Attacking Automation: Hacking for the Next Fifty Years
Upload: mike-spaulding
ATTACKING AUTOMATION: HACKING FOR THE NEXT FIFTY YEARS
THE FLINTSTONES MEET THE JETSONS

Advisory
Opinions are my own and not the views of my employer(s)
My tweets are my own
I will not discuss anything about my employer(s)

Automation History
Skipping the history of mechanical automation, Industrial Automation was first driven by Honeywell in the 1970s.
Dick Morley created the first PLC, ‘The Modicon’, in 1968 for General Motors while working for Bedford and Associates.

Why Automate?
Detailed tasks could be automated and they could be performed with greater speed and better quality.
Modern manufacturing leverages automation & robotics to complete as many tasks as possible.

Evolution of Automation
As Information Technology increased in speed and power, the ability to manufacture became easier and faster. Output increased, costs reduced over time.
So where did all of those manufacturing jobs go? They evaporated. Poof!

Automation over Time
Convergence occurs and the closed network of traditional automation becomes networked, open.

What are we automating?
Wind Power Plants
License Plate Readers
Breweries
Nuclear Power Plants
Heating/HVAC
Use your imagination.

Getting Familiar with Automation
Home Automation
Nest
Belkin WeMo (me snickers)
Roomba
Amazon Echo
What can we do with home automation?
IFTTT - If This Then That

What does security do today?
We Script! Yay!
Python, Java, PowerShell
So why do we script? We hate to do repeatable work - truth!
When we buy ‘security tools’, let’s face it, we are buying ‘glammed’ up automation scripts.

Automated Network Security
Truth is: If you make everything virtual you can automate the ‘hell’ out of your environment.
Aside from the perimeter, after normalizing internal traffic, much of this could be automated and compartmentalized into simple rules.

Automated Application Security
Static Analysis
Dynamic Analysis
Vulnerability Management
If you think it cannot be done, check out the AppSecUSA 2012 talk by Twitter’s Security Engineering team: Collins, Matatall, Smolen

So how do we handle the cloud?
Again, it is virtualized, so we can automate it, but should we automate security?
We should take a few steps to improve the odds.
We can apply these steps to any automation effort.
This is LEAN AUTOMATION at its best.

So what about AI? Artificial Intelligence
We could use AI to do certain security functions. Still relatively simple, but it is progressing.
Samantha West
IBM Watson
Microsoft Tay (she’s racist)

Can we use Scheherazade?
So could we harness the collective power of an information security team to automate the security response to certain situations - all based on storytelling?
Evil vs. Good?

What will be automated?
Fast Food
Transportation
Coffee Baristas
Retail
83% of jobs paying less than $20 an hour today.

Automation: A Force Multiplier
Ability to Monitor More Resources
Use technology to its fullest; no need to bring in temps, contractors, etc.
Automate Zero Day Detection and Patching (Heartbleed)

The Reality - Ready or Not
We are a long way off from having an automated ‘utopia’, but automation is coming.
Security will need to adopt a new mindset - embrace virtual infrastructure, embrace the change in culture.

So what about the staff …
In the post-automated environment, InfoSec staff will be able to focus on more quality-driven efforts, allowing the staff to move and respond more quickly.
The key will be to show the value add that the InfoSec team provides directly to the business or risk being … outsourced!

References & Resources
https://ics.sans.org/media/An-Abbreviated-History-of-Automation-and-ICS-Cybersecurity.pdf
https://www.youtube.com/watch?v=Ivc5Sj0nj2c
https://www.troopers.de/media/filer_public/60/e7/60e7dd8b-b84f-454d-b845-7ec2dea5bf69/automating_network_security_troopers_2015.pdf
http://www.cc.gatech.edu/~riedl/pubs/aaai-ethics16.pdf
https://research.cc.gatech.edu/inc/open-story-generation
http://www.vox.com/2016/3/30/11332168/obama-economists-robot-automation?utm_campaign=vox&utm_content=chorus&utm_medium=social&utm_source=twitter
https://www.shodan.io/explore/category/industrial-control-systems
https://twitter.com/internetofshit

Contacting Me
https://www.linkedin.com/in/therealfatherofmaddog
@fatherofmaddog
Shameless plug!
Consider coming to Columbus BSides 2017!!