Project RunAway

Project files are the blueprints of the industrial process, these files can contain network configuration, screen definitions, hardware and software configurations and the actual automation logic of the controllers.

Access to the project file means access to knowledge on the most important and secret elements of the production floor.

Because of their sensitivity, these files should be kept in a well-secured manner like an internal vault, but due to the growing need to share and collaborate with suppliers it’s hard to keep track and the data might end up in the wrong hands.

In our research we have discovered a large amount of highly confidential industrial data located on the internet.

The data contains multiple manufactures, suppliers and orchestrators from different sectors and geographical locations. The amount and spread of the data and companies leads us to believe that this is not a one time event or incident but a systematic issue.

In the presentation we will:

  • Explain the basic components and structures of some project files
  • We will explain how the research was performed.
  • Explain about the threat landscape connected to this data and explain about the inherent insecurity of the supply chain
  • We will showcase how an attacker might use this data to target a company and use the data from the files to successfully affect the operation of the process
  • We will showcase what can be derived out of the automation logic, both by noting past research works that have been done on this topic and by proposing new possibilities
  • We will share statistics about the amount of companies, sectors and geo locations of the affected companies
  • We will propose a few options for the potential sources of the leaks
  • We will discuss the different security methods a victim should apply

Type of target audience –

  • Knowledge in automation & risk management – advantage

Audience should expect –

  • Understanding a threat intelligence research process
  • Understanding of the threat involved with this kind of leakage
  • A clear rundown of potential attacks on OT environment

Key takeaways –

  1. Security guidelines for protecting critical OT data
  2. Security guidelines for securing the supply chain process

Previous Presentation

Markus Mahrla

Next Presentation

Mike Dodson