Attacking and Defending Building Automation Systems at Scale: A Case Study
- Billy Rios
- Saturday, December 13th, 7:15pm - 8:15pm
Modern facilities (such as corporate headquarters) are marvels of engineering. These buildings employ numerous embedded and software systems to help ensure convenience, business efficiency, and even security. The door that unlocks after you swipe your badge is managed by an access control system. The lights and energy flowing to your building are managed by an energy management system. The HVAC systems that keep your data center cool are controlled by an environmental control system. These invisible embedded and software systems make modern life in the corporate facility efficient, convenient, and comfortable. Given the importance and of these systems, how do we secure a modern smart building? What about a corporate campus full of thousands of automation systems? Let's take a look how building automation systems are hacked and explore approaches to secure building automation systems at scale.
Billy's Bio:
Billy is an accomplished author and speaker. Billy is recognized as one of the world's most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and, medical devices. He discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. He has been publically credited by the Department of Homeland Security (DHS) over 50 times for his support to the DHS ICS Cyber Emergency Response Team (ICS-CERT). Billy has led several prestigious security teams including security teams at Microsoft and Google. Billy was a Lead at Google where he led the front line response for externally reported security issues and incidents. Prior to Google, Billy was the Security Program Manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company's response for several high profile incidents, including the response for Operation Aurora. Before Microsoft, Billy worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.
Billy currently holds an MBA, Master of Science in Information Systems, and a Master of Military Operational Arts and Sciences. He was a contributing author for several publications including: Hacking, the Next Generation (O'Reilly), Inside Cyber Warfare (O'Reilly), and The Virtual Battle Field (IOS Press).
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Friday, December 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session- Welcome to SANS | Dr. Eric Cole | Friday, December 12th, 8:15am - 8:45am | Special Events |
| Stay Ahead of the Adversary with Network Security Analytics | Mike Nichols, Senior Manager, Sales | Friday, December 12th, 12:30pm - 1:15pm | Lunch and Learn |
| Women In Technology Reception | — | Friday, December 12th, 6:15pm - 7:15pm | Reception |
| Continuous Ownage: Why you Need Continuous Monitoring | Eric Conrad | Friday, December 12th, 7:15pm - 9:15pm | Keynote |
Saturday, December 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| How Isolation vs. Detection Can (finally) Help Solve the APT Problem, and Why Should I/My Organization Care? | Sebastian Taphanel, Consulting Systems Architect | Saturday, December 13th, 12:30pm - 1:15pm | Lunch and Learn |
| SANS Technology Institute Graduation | Alan Paller, Sally Vandeven | Saturday, December 13th, 7:00pm - 8:00pm | Special Events |
| An Introduction to PowerShell for Security Assessments | James Tarala | Saturday, December 13th, 7:15pm - 8:15pm | SANS@Night |
| Security Awareness Metrics: Measuring Human Behavior | Lance Spitzner | Saturday, December 13th, 7:15pm - 8:15pm | SANS@Night |
| Attacking and Defending Building Automation Systems at Scale: A Case Study | Billy Rios | Saturday, December 13th, 7:15pm - 8:15pm | SANS@Night |
| Securing The Kids | Lance Spitzner | Saturday, December 13th, 8:15pm - 9:15pm | SANS@Night |
| Everything They Told Me About Security Was Wrong | John Strand | Saturday, December 13th, 8:15pm - 9:15pm | SANS@Night |
Sunday, December 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| Connect the Dots with Domain Name Intelligence from DomainTools | Mark Kendrick, Director of Business Development | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Defending Your Global Perimeter | Jonathan Trull, Chief Information Security Officer, Qualys, Inc | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Cyber Crime As a Business: How Criminal Networks Use "Cloud Servies" and "Involuntary Contribution Associates" to Make Money | Tom Byrnes, CEO of ThreatSTOP | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Monitoring and Mitigation | Timothy Jones, Federal Systems Engineer | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| SANS Technology Institute Reception and Information Session | Bill Lockhart, Executive Director, SANS Technology Institute | Sunday, December 14th, 5:45pm - 7:15pm | Reception |
| Gone in 60 Minutes: Have You Patched Your System Today? | David Hoelzer | Sunday, December 14th, 7:15pm - 8:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Sunday, December 14th, 7:15pm - 8:45pm | SANS@Night |
| The Threat Landscape of PKI: System and Cryptographic Security of X.509, Algorithms, and their Implementations. | Blaine Hein- Master's Degree Candidate | Sunday, December 14th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Introduction to IDA Pro and Debugging | Stephen Sims | Sunday, December 14th, 8:15pm - 9:15pm | SANS@Night |
| The 13 Absolute Truths of Security | Keith Palmgren | Sunday, December 14th, 8:15pm - 9:15pm | SANS@Night |
| Home-Field Advantage: Hunting the Advanced Persistent Threat by Interdicting their Tactics with Network Traps & Snares | Matthew Toussain - Master's Degree Candidate | Sunday, December 14th, 8:15pm - 8:55pm | Master's Degree Presentation |
Monday, December 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Monday, December 15th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Monday, December 15th, 5:30pm - 7:30pm | Vendor Event |
| NetWars Tournament of Champions | Ed Skoudis & Tim Medin | Monday, December 15th, 6:30pm - 9:30pm | Special Events |
| A Night of Crypto | G. Mark Hardy | Monday, December 15th, 7:15pm - 9:15pm | SANS@Night |
| Debunking the Complex Password Myth | Keith Palmgren | Monday, December 15th, 7:15pm - 8:15pm | SANS@Night |
Tuesday, December 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Fortinet Next Generation Firewalls | Will Tipton, Security Engineer | Tuesday, December 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Are Privileged Accounts a Vulnerability Risk? Absolutely. | Rod Simmons, Director of Privilege Management, BeyondTrust | Tuesday, December 16th, 12:30pm - 1:15pm | Lunch and Learn |
| NetWars Tournament of Champions | Ed Skoudis & Tim Medin | Tuesday, December 16th, 6:30pm - 9:30pm | Special Events |
| IT Security meets Research: Lessons from NASA's Science Labs | Joel Offenberg, Vantage Systems, Inc. | Tuesday, December 16th, 7:15pm - 8:15pm | SANS@Night |
