Mauro Conti on Assessing the Use of Insecure ICS Protocols

Nexus: A Claroty Podcast

English - March 10, 2021 06:00 - 31 minutes - 21.7 MB - ★★★★★ - 4 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Water ISAC on Oldsmar Hack, Sector Cybersecurity

Next Episode: Josh Grunzweig on Exchange Zero Days

Prof. Mauro Conti of the University of Padua, Italy joins the Aperture Podcast to discuss a paper he coauthored last year called Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis.

The paper, co-written with Giovanni Barbieri, Nils Ole Tippenhauer, and Federico Turrin of the University of Padua and the Helmholtz Center for Information Security, examines the gaps and exposures presented by connecting industrial control systems to external networks.

Many of these networks and devices are communicating over insecure protocols that are insecure by design, lacking encryption or authentication, or are misconfigured.

Internet-scanning services such as Shodan are also blind to much industrial traffic, the paper concludes, giving operators an incomplete picture of their exposure. Attackers, meanwhile, can leverage this to intercept and manipulate industrial traffic.