Recap Black Hat Sessions 2019
Wrap-up report Black Hat Sessions 2019 - Part XVII Protecting your Critical Systems - 31 July 2019
Proudly we look back at the seventeenth edition of Secura's annual security conference, the Black Hat Sessions. The theme for this year’s BHS was: Protecting your Critical Systems. Cyber hacks are in the news every day. We all know about the relevance of digital security. But how to protect ourselves?
Over 300 participants (decision makers, managers, CISOs, technical security experts and other interested visitors) came together on June 13th, 2019 to network and to be informed about security issues in critical sectors. Did you miss it? You can read the wrap-up reports now.
Thanks to all our participants, speakers, partners and sponsors for making BHS 2019 such a great success! We hope you all enjoyed the conference. We look forward to organizing next year's edition on 11 June 2020. Hopefully you will be there (again)! Subscribe to the periodical Secura newsletter and stay updated with the latest news.
We would like to thank all the speakers of Black Hat Sessions Part XVII: Chris van ‘t Hof (Host), Victor Gevers (Founder of GDI Foundation & Chairman of Global CERT), Jos Wetzels (Principal Security Consultant at Secura), Elsine van Os (Clinical Psychologist and Intelligence and Security Expert), Geert Pater (RDW), Max Geerling (Dutch Payments Association), Ben Kokx (Philips), Anderson Domingues (LyondellBasell), Paul Wijninga (Agentschap Telecom), Wouter Wissink (Chubb), Liesbeth Holterman (Cyberveilig Nederland), Carlo Meijer (Radboud University Nijmegen), Ali Abbasi (Ruhr University), Jeroen van der Ham (NCSC - University of Twente - EEMCS/DACS), Robin Massink (Alliander) and Marina Krotofil (BASF).
And of course all our sponsors Venafi, Checkmarx, ISOC24, Rapid7, SCOS, TSTC, Schippers IT and our partners PviB, NLUUG, ISACA, NOREA and media partners InfosecurityMagazine, ProcessControl, AG Connect.
Black Hat Sessions 2019 Wrap-up reports
Below you will find some highlights and relevant lessons learned from the presentations. See also the links to the full reports. Note: not all talks are covered here.
Responsible Disclosure by Victor Gevers
Victor found vulnerabilities in complex databases, servers and NAS devices, and prevented valuable data from getting leaked. During the BHS he provided more news and insights into the techniques he uses to identify and alert on such huge data leaks. He gave the following message to the audience: "Stop putting things on the internet if it is not needed", as connecting objects to the internet could lead to huge security risks, with new incidents as a consequence.
A Dangerous Game: Anatomy of a Cyber-Physical Attack by Jos Wetzels
It's clear that various actors are highly interested in attacking industrial control systems and are rapidly developing sophisticated capabilities to achieve a real-world physical impact. Yet at the same time the ins and outs of such cyber-physical attacks are little understood, hindering defender efforts like hardening and detection. The pros don’t bother with vulnerabilities; they use features to compromise the ICS: insecure by design, legacy and lifespan, porous boundaries, and visibility and control. This holds for most cyber-physical systems, not just ICS.
Furthermore, Jos discussed the cyber-physical attack lifecycle, illustrated by real-world case studies, and how to leverage insights into that lifecycle in order to inform effective critical infrastructure defense strategies. Two important defensive takeaways: Lesson #1: Protect the mission. To do this you need to know what that mission is. “If everything is important, then nothing is.” A Cyber Mission Impact Assessment (CMIA) can be performed in order to accomplish a certain goal. Lesson #2: Double Bow tie & Defending ‘Left of Boom’.
Chinese espionage by Elsine van Os
In her speech ‘Blended threats: espionage from a human tradecraft perspective’, she talked about economic espionage and technology theft, specifically focused on the Chinese intelligence market. There were several lessons that Elsine wanted to share with us:
- Chinese espionage is not new. It is a continuation of a long-term concentrated effort, although growing exponentially, as she emphasized before;
- Growing awareness of blended threats is crucial - behavioural, physical and technical; thinking broader – what is inside of the organization, how to notice signals on a behavioural level and how to manage this within an organization;
- There is a need to join forces and integrate expertise and skills in battling not only espionage, but also people who derail or commit acts of sabotage, fraud and corruption, and the behavioural signals that are present way before the technical display.
Monitoring, a matter of balance by Robin Massink (Alliander)
Robin provided an in-depth approach to security monitoring and intrusion detection for SCADA systems within utilities. The SIEM used by Alliander is an OT-focused system; it supports blacklisting, anomaly detection and custom scripting. On the other hand, the SIEM that is used is a common product largely fed by a syslog infrastructure, managing and preventing unauthorized communication and access attempts to networks and systems. The risks that are not correctly managed are those coming from the network itself, the local introduction of malware, or the management of unwanted and insufficiently protected services (FTP, Telnet, etc.).
Read the full report to gain all insights and lessons learned.
An Industrial Control System Protection Approach by Ali Abbasi
In order to protect critical infrastructures such as Industrial Control Systems, we have to understand the attacks against them, according to Ali Abbasi. A basic attack in an unprotected Industrial Control Systems network would require getting network access, understanding the process, manipulating the controller and exploiting the process. There are, however, different protection mechanisms in place that the attacker has to overcome.
Click here to read the full report of this technical deep dive.
Self-encrypting deception by Carlo Meijer
Is hardware encryption really as secure as proclaimed by a majority of the manufacturers? In answering this question, three scenarios can be distinguished, and it is beneficial to do so from an attacker’s point of view. In the first scenario, the computer has not been turned off and the encryption key is stored in such a way that an attacker can still retrieve it, for example by performing a cold boot attack, which can be done for both hardware and software encryption.
Read the full report for the two other scenarios.
How to increase the security maturity level within the most critical sectors?
How to increase the security maturity level within sectors like automotive, payments and insurance? Every sector is challenged in a different way, but we also see a lot of commonalities. During the managerial track of the Black Hat Sessions various speakers addressed how they deal with security and how to increase cyber resilience within their business. The sessions were closed with a panel discussion. Get inspired by our speakers Geert Pater (RDW), Max Geerling (Dutch Payments Association), Wouter Wissink (Chubb) and Liesbeth Holterman (Cyberveilig Nederland) on how they deal with their challenges.
Secura Grand Slam Capture the Flag
This seventeenth edition of BHS also included a Capture the Flag (CTF) competition aimed at student teams from University or Higher Education. The winners were announced at the end of the day.
During the Black Hat Sessions Martin Hols took some amazing photos. Please visit https://www.blackhatsessions.com/resources for the photos and all presentation slides.
We look forward to next year! Hopefully you will be there (again)!
SAVE THE DATE: Black Hat Sessions 2020 - 11 June 2020
Are you interested? Keep up to date with the latest news about the event, receive exclusive (early bird) discounts and secure your seat for interactive workshops. Sign up for our periodical newsletter and we will keep you informed.