By SecureWorld News Team
Mon | Nov 12, 2018 | 5:45 AM PST

Stephen Hilt has spent years researching Industrial Control System (ICS) vulnerabilities.

If his name sounds familiar, you may have seen him speak at DerbyCon, Black Hat US, or RSA.

Now, SecureWorld has had the opportunity to speak with him in our ongoing Behind the Scenes interview series.

Specifically, we asked him about the new report he has co-authored for Trend Micro and TrendLabs on cybercrime and digital threats to the Industrial IoT, Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries.

His research revealed that anyone could have changed mixtures, altered flow rates, or shut operations down at a number of water and energy plants around the world.

LISTEN: Behind the Scenes interview with Stephen Hilt, Sr. Threat Researcher, as he shares key findings on critical infrastructure (ICS) security and vulnerabilities:

The report is more than 60 pages long, covering ICS and SCADA vulnerabilities and findings on security risks at the human-machine interface, or HMI.

Here are a few excerpts from our interview with Stephen Hilt about the study he co-authored.

[SW] What was your focus in the research?

[Hilt] The reason we wanted to focus on this specific area was because we wanted to see if we were able to find ICS, HMIs, and other devices online. How targeted could we be (like an attacker could do)?

[SW] Tell us about the HMIs you found. You would have been able to control the systems, right?

[Hilt] Yes, most of these systems are a touch panel where an operator uses a touchscreen. They've been exposed... so you can remotely control these devices. You can close relays, open pumps, anything depending on the system.

[SW] What does this say about the state of ICS and SCADA security?

[Hilt] We at Trend Micro believe, and we wrote about this in the paper, a lot of these smaller places are going to be test beds for larger attacks. And where criminals start learning more about each of these systems, what they do, what the consequences are. That way they can do it on a system that's possibly not being monitored as well as their larger targets. 

[SW] What are some of the other real-world threats you detail in the report?

[Hilt] Cybercriminals and nation states are up-ticking in their interest on industrial control systems. Luckily, there's a lot of good research in this space to try and report these vulnerabilities and get them fixed as quickly as we can. (TrendLabs told companies of the vulnerabilities discovered in the report.)

[SW] I know your research team looked at what is happening. 

[Hilt] There are multiple pages in our new report that between 2015 and 2018 we have seen significant gain in interest in discussing these systems online, specifically on the Dark Web and underground. 

[SW] How can those in ICS and SCADA IT and security use this new report to make their organizations more secure?

[Hilt] Take a look at it, read over it, make sure the things we've discussed in the paper, that these things are something you're thinking of. And use (the tools we used) to monitor your own threats.

Thanks to Stephen for taking the time to speak with us.

Read the full report here: Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries.
