Kaspersky Industrial CTF: time to protect substations, and time to break substations
Enough pure theorizing about the imperfections of existing systems for protecting critical infrastructure - it's time to move on to the practical part. We offer to take checkers in hand and try to crack the digital substation. No, not this one. Layout. If to be absolutely accurate, we offer to take part in CTF competitions, in the final of which there will be an opportunity to try on the strength of the existing model of a digital substation. But first things first.
Anyone who has tried to understand in detail what “critical infrastructure” is, an automated process control system, a PLC, a relay protection device and how industrial security systems are constructed will confirm that protecting such systems is not easy. Proof of this are the reports of major technological incidents appearing in the press: about one , the other , the third , and so on. Maybe not all industrial accidents happen because of hackers, but it’s not just the way they happen?
The main problem with the protection of critical infrastructures is that for the study of its effectiveness there are not enough models of industrial objects - it would be good to have working models of hackers. Preferably on a 1: 1 scale. Fortunately, recently the topic of industrial cybersecurity has become so popular that many organizers of various CTF competitions began to include relevant competitions in their program (for example, one , two , three ). Extremely useful activities. On the one hand, the organizers are watching the course of conditionally hostile thoughts, on the other hand, the participants are looking for the most hardcore holes, earning valuable prizes and invaluable experience. And experience, as you know, you will not drink.
')
Since the protection of critical infrastructure is in our area of ​​interest, we also decided not to stand aside and organize our CTF with substation and hackers. We offer everyone (and, most importantly, able) to pass the qualifying CTF online and, if they win, take part in the Kaspersky Industrial CTF practical safety competition, which will be held as part of the “Cybersecurity ASU TP: Time to Act” conference.
Our stand, which we propose to try for strength, is a model of a digital substation built in accordance with the IEC 61850 standard , based on:
• industrial switch QSW-2100;
• hardware and software complex Ruggedcom RX 1000 ;
• controllers and terminals of relay protection and automation (RZA) SIEMENS SIPROTEC 4 ;
• GPS time servers;
• SCADA-servers SIEMENS SICAM PAS and SIEMENS Simatic WinCC ;
• various physical equipment connected to the relay protection, in particular the model of power lines (PTL).
Tournament participants can try:
• conduct a successful attack (or demonstrate the possibility of its holding) on ​​the systems of our stand;
• gain control over the control system;
• disable or disable the relay protection and emergency control terminals;
• disable the on-line blocking of the bay control controller;
• arrange a short circuit on the model of power lines (ie, literally "ignite" :)
Obviously, the opportunity to play with such equipment does not often occur. Therefore, the time and number of places are limited: two days and 15 free ottomans, respectively. So only three winning teams of the qualifying round will be able to take them.
To win the qualifying round, teams need to, first, submit applications no later than October 14, before midnight. Secondly, on October 16 at 18:00 Moscow time, we will receive assignments and detailed instructions by e-mail (here we will help them a little - we will send the corresponding links). And, thirdly, download the results of the tasks that they were able to complete through a special form on the tournament website no later than 48 hours (that is, October 18 to 18:00). Well, it is also desirable to score more points than other applicants.
PS
The final tournament will be held from October 29 to October 30 in Moscow at the Imperial Park Hotel & SPA. Transfer, accommodation, food and unbridled fun will be provided by the organizers in full.
Anyone who has tried to understand in detail what “critical infrastructure” is, an automated process control system, a PLC, a relay protection device and how industrial security systems are constructed will confirm that protecting such systems is not easy. Proof of this are the reports of major technological incidents appearing in the press: about one , the other , the third , and so on. Maybe not all industrial accidents happen because of hackers, but it’s not just the way they happen?
The main problem with the protection of critical infrastructures is that for the study of its effectiveness there are not enough models of industrial objects - it would be good to have working models of hackers. Preferably on a 1: 1 scale. Fortunately, recently the topic of industrial cybersecurity has become so popular that many organizers of various CTF competitions began to include relevant competitions in their program (for example, one , two , three ). Extremely useful activities. On the one hand, the organizers are watching the course of conditionally hostile thoughts, on the other hand, the participants are looking for the most hardcore holes, earning valuable prizes and invaluable experience. And experience, as you know, you will not drink.
')
Since the protection of critical infrastructure is in our area of ​​interest, we also decided not to stand aside and organize our CTF with substation and hackers. We offer everyone (and, most importantly, able) to pass the qualifying CTF online and, if they win, take part in the Kaspersky Industrial CTF practical safety competition, which will be held as part of the “Cybersecurity ASU TP: Time to Act” conference.
Our stand, which we propose to try for strength, is a model of a digital substation built in accordance with the IEC 61850 standard , based on:
• industrial switch QSW-2100;
• hardware and software complex Ruggedcom RX 1000 ;
• controllers and terminals of relay protection and automation (RZA) SIEMENS SIPROTEC 4 ;
• GPS time servers;
• SCADA-servers SIEMENS SICAM PAS and SIEMENS Simatic WinCC ;
• various physical equipment connected to the relay protection, in particular the model of power lines (PTL).
Tournament participants can try:
• conduct a successful attack (or demonstrate the possibility of its holding) on ​​the systems of our stand;
• gain control over the control system;
• disable or disable the relay protection and emergency control terminals;
• disable the on-line blocking of the bay control controller;
• arrange a short circuit on the model of power lines (ie, literally "ignite" :)
Obviously, the opportunity to play with such equipment does not often occur. Therefore, the time and number of places are limited: two days and 15 free ottomans, respectively. So only three winning teams of the qualifying round will be able to take them.
To win the qualifying round, teams need to, first, submit applications no later than October 14, before midnight. Secondly, on October 16 at 18:00 Moscow time, we will receive assignments and detailed instructions by e-mail (here we will help them a little - we will send the corresponding links). And, thirdly, download the results of the tasks that they were able to complete through a special form on the tournament website no later than 48 hours (that is, October 18 to 18:00). Well, it is also desirable to score more points than other applicants.
PS
The final tournament will be held from October 29 to October 30 in Moscow at the Imperial Park Hotel & SPA. Transfer, accommodation, food and unbridled fun will be provided by the organizers in full.
Source: https://habr.com/ru/post/268243/
All Articles