
Kaspersky Industrial CTF 2017: seven hours to take down a plant





At the GeekPWN conference in Shanghai, we held the final of Kaspersky Industrial CTF 2017, our industrial cybersecurity competition. Almost 700 teams took part in the qualifying round, mostly students from different countries who study information technology in general and cybersecurity in particular. Three teams reached the final: CyKor (South Korea), TokyoWesterns (Japan) and Flappy Pig (China).



For the competition, our experts built a model of a real-life oil refinery (which one does not matter). The model uses the same PLCs that control the pressure in the tanks and the volume of fluid moved by the pumps in a real plant, and the way they are wired together is also taken from reality. In addition, we built a model of a 110/10 kV step-down substation on standard controllers manufactured by ABB and Siemens.








As you know, plants today mostly use smart controllers connected to a local industrial network. As a rule, that network is connected to the outside world for remote control and monitoring, for example to the local network of the plant's management or of the energy company. Those networks, in turn, have access to the Internet.



So the finalists of our CTF could potentially gain access to the controllers and physically disable the equipment. For example, they could cause a short circuit at the substation, which would de-energize the plant and mean a huge loss for its owners, or disable the heat and pressure protection system at the plant itself, which would result in an explosion. To make this visible, a squib was installed in our model.







The plant model was also equipped with a model of a corporate network. To solve the tasks, participants had to gain access to it, escalate their privileges, and find vulnerabilities in several running services. Our ICS CERT team recreated these vulnerabilities specifically for the competition, based on its previous research.



This type of competition not only shows which team is better, but also demonstrates the importance of configuring networks properly and helps to identify vulnerabilities in particular systems.



All actions of the teams in the industrial network were monitored by our Kaspersky Industrial CyberSecurity solution and displayed on one of the screens available to viewers.







The team from South Korea won, having pulled ahead at the very beginning and led for the whole competition. Admittedly, it won on points: during the seven hours allotted to the teams for hacking, none of them solved the main task of the CTF, which was to break into the industrial network of the plant model. According to our experts, though, the winners were only 10-15 minutes short. Real criminals are unlikely to have tight time limits.







The next competition will be held in 2018; the announcement, as always, can be found here.

Source: https://habr.com/ru/post/341612/


