by Caspar Gries, Security Engineer
On October 17th and 18th, I visited the German developer conference heise devSec in Heidelberg. Despite the mainly web-centric orientation, the convergence of IT and OT (operational technology) was a hot topic.
A number of speakers, including Mikko Hyppönen of F-Secure in his keynote, outlined the risks of insecure IoT systems. The stories were all quite similar: manufacturers of OT devices such as building automation controllers or jacuzzi monitoring systems want to become part of the “Internet of Things”.
So they go ahead and tack an HTTP server with a fancy Web GUI onto their product. Usually, these stories conclude with hackers taking over the box and all of its attached peripherals (think: chlorine dispenser), plus compromising the customer’s network.
By pure coincidence, I also used the very same example of a Programmable Logic Controller (PLC) in my own talk. The core concept I presented was a “fill-in-the-blanks” security architecture template for systems based on a separation kernel such as PikeOS.