In a few weeks I’ll be giving a talk together with Frank Lycops ( https://asvalis.com) on the hidden dangers of Operator Jail breakouts, how to test these issues, and how to prevent them. The talk will be provided at the CS3sthlm conference in Sweden (https://cs3sthlm.se/).
A brief summary of what to expect:
Operator stations are today one of the first systems/stations to interact with a distributed control system (DCS) or other industrial control systems. These operator stations often have some protection built in to restrict what the operator can do within the SCADA software and/or on the operating system itself.
Within this presentation, some of the most (easily) discovered ways are shown/explained and how these can be (ab)used to gain a further foothold within the environment.
The audience will learn more on the shortcomings of most of the operator jail solutions and what could be done to step up this game to secure this properly. Key takeaways obtained by the audience through this presentation is that you cannot trust operator jails in the thought that it properly protects attackers from gaining access to the operating system itself and thus potentially exploiting the whole DCS environment.
Make sure to drop by if you have the chance!