{"id":23453,"date":"2020-12-14T14:12:57","date_gmt":"2020-12-14T06:12:57","guid":{"rendered":"https:\/\/version-2.com\/?p=23453"},"modified":"2022-03-07T14:40:46","modified_gmt":"2022-03-07T06:40:46","slug":"how-scadafence-defended-a-dod-supplier-from-over-50-cyber-attackers","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2020\/12\/how-scadafence-defended-a-dod-supplier-from-over-50-cyber-attackers\/","title":{"rendered":"How SCADAfence Defended a DoD Supplier from Over 50 Cyber-Attackers"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The \u201985 Bears of Cyber Physical Security<\/strong><\/p>

A few days ago, our elite cybersecurity team of defenders, faced over 50 of the world\u2019s top hackers and security practitioners in the Hack the Building event. <\/p>\n

The event was born from a joint partnership between MISI<\/a> (Maryland Innovation and Security Institute) and USCYBERCOM<\/a> (the United States Cyber Command), is an unrivaled, hands-on live facilities critical infrastructure cybersecurity challenge. <\/p>

Hackers, federal labs, building automation companies, academia and government agencies all competed to infiltrate, disrupt or take over a connected smart building and the computing systems and data inside of a government-owned building. <\/p>

 <\/p>

A Real-World Target<\/strong><\/p>

The event is built around a specially-designated, real-world target: A live, fully-equipped 150,000 square-foot \u201csmart\u201d office building near Annapolis, Maryland that teams on-site and remote are challenged to attack through its diverse IT, control systems, Internet of Things (IoT)<\/a>, access control, surveillance camera, building automation<\/a> and other systems.<\/p>

 <\/p>

The Attack Scenarios<\/strong><\/p>

The event was split into two parts, two days each. On the first part, 13 pre-planned attack scenarios took place, and on the second part, the network was open to any type of attack, allowing attackers and defenders to play in a more chaotic cyber war zone.<\/p>

The building was equipped with many types of assets, such as PLCs, BAS controllers, industrial robots, power distribution units (PDU), IoT controllers, IP cameras & NVRs, serial to ethernet converters, and many other devices.<\/p>

Each scenario targeted different assets and required different methods to reach the targets. For example, in one scenario the attackers broke into the data center\u2019s cooling system, shutting it down, resulting in server shutdown. In another scenario, the fire alarm system has been disabled.<\/p>

The full list of scenarios is available here<\/a>. <\/p>

To simulate a real scenario, many details about the network were unknown to the defensive team. Moreover, some details that were provided were plain wrong, due to outdated network maps. These missing details made the defender\u2019s job more difficult.<\/p>

 <\/p>

Vulnerabilities Discovered by SCADAfence <\/strong><\/p>

The network had a number of common security issues:<\/p>