Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic
Tuesday, August 2 • 18:00 - 18:55
DYODE: Do Your Own DiodE for Industrial Control Systems.

Sign up or log in to save this to your schedule and see who's attending!

While data diodes have been used for a long time on classified networks, the high cost and complexity of implementation have kept them away from a lot of valid use cases on industrial control systems. During our assignments, we encountered many situations in which time or availability constraints were not really high -but the security risk was- and a commercial data diode way too costly. This often meant directly connecting external networks to the ICS, only to exchange a flat file once a day or near real-time data at a very slow rate.

We developed a working data diode using standard components and open source libraries. We want to prove with this project that it is possible to produce a simple, working, ICS oriented data diode for about $200. We absolutely do not aim at replacing current commercial data diodes, but hopefully open the way for cheaper, simpler devices that are currently not available on the market by providing a working example with open-source code (that will soon be published on github). The principles of using COTS components to make a data diode are not brand new (see “previous work” below), but we aim at providing a package software solution to ease the creation process, with a specific focus on ICS.

This is an ongoing project, with a lot of room for improvement, but it is already working for basic functions.

Speakers
avatar for Arnaud Soullie

Arnaud Soullie

Senior consultant, WAVESTONE
Arnaud Soullié (@arnaudsoullie) is a senior security auditor working at Wavestone. In five years, he performed 100+ penetration tests and security audits. His topics of interest include Industrial Control Systems and Windows Active Directory security, two topics that tend to collide nowadays. His hobbies include motorbike riding and drinking (french) wine (not at the same time fortunately).


Tuesday August 2, 2016 18:00 - 18:55
Common Ground Florentine G