Professional Documents
Culture Documents
Ed Skoudis: Kineɵc Pwnage: Obliteraɵng The Line Between Computers & Physical World
Ed Skoudis: Kineɵc Pwnage: Obliteraɵng The Line Between Computers & Physical World
Theinfosecindustryhasspentdecadesstrugglingtosecurecomputersandthevital
datatheyhold,withsomesuccessesandmanyfrustrangfailures.Infosecprosand
hackersalikehaveawealthoflessonslearnedborneinourscarsfrombalesto
protectPII,PHI,andotherinformaonassets.Increasingly,however,wearefacinga
shiingthreat,asaackerstargetnotjustcomputersanddata,butinsteadthein
dustrialcontrolsystemsandrelatedequipmentweusetooperateourphysical
world.Successfulaacksinthisrealmcouldpackalotmorewallopthanmerelypur
chasingcreditmonitoringforayearorreimagingworminfectedPCs.
Inthistalk,Edwillanalyzethisshi,lookingatactualaacksagainstthepowergrid,
watersystems,transportaoninfrastructure,andmore.We'llseehowthesepara
onofthecomputerrealmfromthekinecworldisevaporang,asmostequip
mentisonlinealltheme.We'lldiscusshowhackersandinformaonsecuritypro
fessionalscanmarshallourcapabiliestoapplythehardfoughtlessons
we'velearnedinsecuringdatatothekineccontrolsystemrealm,alongwiththe
typesofnewskillsandthinkingthatwillberequired.We'llalsolookathowkinec
aacksaremodeledintheCyberCityproject,aminiaturizedtownconstructedto
helptraingovernmentandmilitarywarriorsabouthowcomputeraackscanhave
signicantkinecimpact.
Biography
EdSkoudisisthefounderofCounterHack,aninnovaveorganizaonthatdesigns,
builds,andoperatespopularinfosecchallengesandsimulaonsincludingCyberCity,
NetWars,CyberQuests,andCyberFoundaons.AsdirectoroftheCyberCityproject,
Edoverseesthedevelopmentofmissionswhichhelptraincyberwarriorsinhowto
defendthekinecassetsofaphysical,miniaturizedcity.Ed'sexperseincludes
hackeraacksanddefenses,incidentresponse,andmalwareanalysis,withover
eenyearsofexperienceininformaonsecurity.Edauthoredandregularlyteach
estheSANScoursesonnetworkpenetraontesng(Security560)andincidentre
sponse(Security504),helpingoverthreethousandinformaonsecurityprofession
alseachyearimprovetheirskillsandabiliestodefendtheirnetworks.Hehasper
formednumeroussecurityassessments;conductedexhausveanvirus,an
spyware,VirtualMachine,andIPSresearch;andrespondedtocomputeraacksfor
clientsingovernment,military,nancial,hightechnology,healthcare,andotherin
dustries.Previously,EdservedasasecurityconsultantwithInGuardians,Interna
onalNetworkServices(INS),GlobalIntegrity,PredicveSystems,SAIC,andBell
CommunicaonsResearch(Bellcore).Edalsoblogsaboutcommandlinepsand
penetraontesng.