SCADA/ICS systems are among the greatest concerns of cyber warfare and cyber defense organizations. These systems are particularly vulnerable for a number of reasons, including, but not limited to, the fact that so many SCADA/ICS organizations relied upon security through obscurity for so many years.
These industrial control systems are critical to any nation's infrastructure and, thereby, its economy. In this section, we will show how these systems can be found, hacked and controlled.
Like any type of hacking, we need to do reconnaissance first. Obviously, you can't hack what you can't see. We'll start with a few tutorials on how to find SCADA/ICS systems with Shodan, Google hacking and nmap. Then we will progress to:
(1) the basics of how these systems work, including their primary protocols (Modbus, DNP3, PROFIBUS, OPC, etc.)
(2) a few case studies of major SCADA/ICS hacks
(3) and finally, how to hack and exploit them.
One of the big challenges for SCADA/ICS security engineers is monitoring for security events. This tutorial demonstrates how to use Splunk to monitor security in SCADA/ICS with the Kepware server plugin.
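Both the protocol basics above and the monitoring tutorial come down to the same thing: being able to read a Modbus/TCP frame off the wire and decide whether it is a harmless poll, a write that changes process state, or an error the device threw back. The following is an added example written for this page (it is not code from any of the tutorials, Kepware or Splunk); it builds and parses the Modbus/TCP MBAP header and PDU, decodes a Read Holding Registers response, and turns writes and exception replies into alert lines a SIEM could ingest. The sample frames are constructed by hand, not captured from a real device, and the function-name and exception-name tables are the public subset from the Modbus specification.

```python
"""Minimal Modbus/TCP framing and classification helper (added example)."""
import struct

MBAP_SIZE = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

# Public Modbus function codes (subset). Writes change process state.
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16}
EXCEPTION_NAMES = {1: "Illegal Function", 2: "Illegal Data Address",
                   3: "Illegal Data Value", 4: "Server Device Failure"}


def build_frame(tid, unit, pdu):
    """Prepend the MBAP header. Protocol id is always 0 for Modbus; the
    length field counts the unit id byte plus the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def build_read_holding_registers(tid, unit, start, count):
    return build_frame(tid, unit, struct.pack(">BHH", 3, start, count))


def build_write_single_register(tid, unit, address, value):
    return build_frame(tid, unit, struct.pack(">BHH", 6, address, value))


def parse_frame(frame):
    """Split a Modbus/TCP frame into its fields, validating the header.
    An exception response sets the high bit of the function code and
    carries a one-byte exception code as its data."""
    if len(frame) < MBAP_SIZE + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_SIZE])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:
        raise ValueError("MBAP length %d does not match frame size" % length)
    fc = frame[MBAP_SIZE]
    data = frame[MBAP_SIZE + 1:]
    parsed = {"tid": tid, "unit": unit, "function": fc & 0x7F, "data": data}
    if fc & 0x80:
        parsed["exception"] = data[0] if data else None
    return parsed


def classify(frame):
    """Label a frame for a monitoring rule: read, write, exception or other."""
    p = parse_frame(frame)
    if "exception" in p:
        return "exception"
    if p["function"] in WRITE_CODES:
        return "write"
    if p["function"] in FUNCTION_NAMES:
        return "read"
    return "other"


def read_holding_registers_values(frame):
    """Decode the 16-bit register values in a Read Holding Registers response."""
    p = parse_frame(frame)
    if p["function"] != 3 or "exception" in p:
        raise ValueError("not a Read Holding Registers response")
    count = p["data"][0]
    payload = p["data"][1:1 + count]
    if len(payload) != count or count % 2:
        raise ValueError("byte count does not match payload")
    return list(struct.unpack(">%dH" % (count // 2), payload))


def alerts_for(frames):
    """Return one alert line per write or exception seen in a list of frames."""
    out = []
    for f in frames:
        p = parse_frame(f)
        kind = classify(f)
        if kind == "write":
            out.append("unit %d: %s (tid %d)"
                       % (p["unit"], FUNCTION_NAMES[p["function"]], p["tid"]))
        elif kind == "exception":
            out.append("unit %d: exception %s on function %d"
                       % (p["unit"], EXCEPTION_NAMES.get(p["exception"], "?"),
                          p["function"]))
    return out


# Constructed sample traffic (not a capture): a read request, its response,
# a write, and an exception reply to that write.
SAMPLE_FRAMES = [
    build_read_holding_registers(1, 1, 0, 2),
    bytes.fromhex("000100000007010304000a0014"),  # response: registers 10 and 20
    build_write_single_register(2, 1, 0x0010, 0x1234),
    bytes.fromhex("000200000003018302"),          # exception: illegal data address
]

if __name__ == "__main__":
    for line in alerts_for(SAMPLE_FRAMES):
        print(line)
```

The point for monitoring is that Modbus has no authentication, so the only signal you get is the function code: any frame with code 5, 6, 15 or 16 from a host that is not the HMI is worth an alert, and a burst of exception replies is often the first sign of someone probing addresses or hammering a PLC.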
SCADA/ICS systems are particularly susceptible to Denial of Service (DoS) attacks, and such attacks can be devastating. This tutorial demonstrates how to DoS a Modbus-based facility.
Schneider Electric makes building automation systems, among other SCADA/ICS products. In this tutorial, we demonstrate how easily these systems can be hacked and controlled.
Hacking the Schneider Electric TM221 with modbus-cli
Hacking a Modbus-based system with Metasploit