Hacking Power Plants and Industrial Control Systems (Scada)

This is my second interview with the professional hacker Occupy The Web. In this video we discuss OSINT and hacking industrial control systems (ICS) using SCADA (supervisory control and data acquisition).
Jump to 33:40 for scada discussions.
Disclaimer: The opinions expressed by Occupy The Web in this interview are his own.
// MENU //
00:00 ▶️ Introduction
00:41 ▶️ Disclaimer
00:46 ▶️ Intro With OccupyTheWeb
01:30 ▶️ Ukraine Web Cam Hacking
03:55 ▶️ Finding Russian Superyachts With OSINT
05:47 ▶️ Why Track Russian Superyachts?
09:10 ▶️ Russian Oligarchs
10:54 ▶️ The KZread Comments/OccupyTheWeb is Not CIA/NSA
12:37 ▶️ It's Not About the US
13:09 ▶️ Getting Started with OSINT and OSINT Tools
14:51 ▶️ OSINT As a Career
15:22 ▶️ Other Uses For OSINT
16:38 ▶️ OSINT Can Find Anything About Anybody
18:21 ▶️ Phones/How To Avoid Being Tracked
19:22 ▶️ Turning Off Your GPS Doesn't Stop Tracking
20:35 ▶️ Use a Burner Phone
23:30 ▶️ Tips To Stay Anonymous Online
26:36 ▶️ Different Physical Machine vs Virtual Machine for Privacy
28:08 ▶️ Cellphone Networks - IP Addresses
29:36 ▶️ Before We Talk About SCADA
33:49 ▶️ SCADA Hacking As The Nuclear Option
38:25 ▶️ Why Would It Be The Nuclear Option?
40:11 ▶️ SCADA Hacking Example/The Colonial Pipeline
42:13 ▶️ The Difference Between a Traditional IT System and a SCADA System
44:07 ▶️ SCADA Protocols
46:03 ▶️ SCADA Hacking Example/Stuxnet
49:06 ▶️ Why Are These Systems Connected To The Internet In The First Place?
51:52 ▶️ Almost All SCADA Systems Are Online
52:24 ▶️ How To Find SCADA Systems Online
56:51 ▶️ Why SCADA Attacks Aren't Simple
57:57 ▶️ But There Is Still A Huge Risk For SCADA Attacks
01:01:39 ▶️ How Companies Can Secure Their SCADA Systems
01:03:07 ▶️ People Don't Do What They're Supposed To Do
01:05:00 ▶️ Final Thoughts/Teaser For The Next Video With OccupyTheWeb
01:05:30 ▶️ Closing/Leave a Comment!
// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: davidbombal.wiki/otw
// Previous video //
OTW video 1: • Interview: Hackers Ari...
// Occupy The Web books //
Linux Basics for Hackers: amzn.to/3JlAQXe
Getting Started Becoming a Master Hacker: amzn.to/3qCQbvh
Using OSINT to find Yachts: davidbombal.wiki/osintyachts
Can the CIA or other Intelligence Agencies Track My Every Move: davidbombal.wiki/ciaphonestra...
SCADA Hacking: The Key Differences between Security of SCADA and Traditional IT systems
davidbombal.wiki/scada1
Using Shodan to Find Vulnerable Sites:
davidbombal.wiki/shodan
SCADA Hacking: The Most Important Attacks:
www.hackers-arise.com/post/sc...
Lots of Scada content:
www.hackers-arise.com/scada-h...
// In the News //
Feds Uncover a ‘Swiss Army Knife’: www.wired.com/story/pipedream...
Ukrainian power grid 'lucky' to withstand Russian cyber-attack:
www.bbc.co.uk/news/technology...
An Unprecedented Look at Stuxnet:
www.wired.com/2014/11/countdo...
// Other books //
The Linux Command Line: amzn.to/3ihGP3j
How Linux Works: amzn.to/3qeCHoY
// MY STUFF //
www.amazon.com/shop/davidbombal
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Comments: 536

  • @patrickhealy2008
    @patrickhealy2008 2 years ago

    as a SCADA cybersecurity engineer it is nice to see some spotlight on our side of the network

  • @philipparker5291

    @philipparker5291

    2 years ago

    Hi Patrick, given your profession I'd be curious to know if my assumption above (see my comment) is correct. Thanks!

  • @patrickhealy2008

    @patrickhealy2008

    2 years ago

    @@philipparker5291 it is likely that they're using SCADA to control a windmill farm, yes.

  • @stevecross9159

    @stevecross9159

    2 years ago

    Agreed 💯💯

  • @kamaleldineltayeb935

    @kamaleldineltayeb935

    2 years ago

    As a SCADA Engineer, we appreciate what you do A LOT, finally some light on our field.

  • @ThatSilverDude

    @ThatSilverDude

    2 years ago

    As a cyber security engineer, wouldn't you want to maybe not have your full name on a comment online stating your profession? Sounds like you'd want to be careful given the times we are in.

  • @navdeepcoding4181
    @navdeepcoding4181 2 years ago

    You are my inspiration.... I am 11 years old in grade 5 .... I am learning networking, it's very interesting to learn network hacking.... I tried my wifi adapter to keep it in monitor mode so many times but your videos made it very easy... you are my future....

  • @stro3277

    @stro3277

    2 years ago

    I wish I started that early... lmao, in 20+ years you're gonna be a future pro!

  • @johndicarlo225

    @johndicarlo225

    1 year ago

    Like me, except with Windows 3.1 Trumpet!

  • @artemjetman

    @artemjetman

    1 year ago

    Damnn, good job!!

  • @davidbombal
    @davidbombal 2 years ago

    This is my second interview with the professional hacker Occupy The Web. In this video we discuss OSINT and hacking industrial control systems (ics) using scada (supervisory control and data acquisition). Disclaimer: The opinions expressed by Occupy The Web in this interview are his own. Jump to 33:40 for Scada discussions.
    // MENU //
    00:00 ▶ Introduction
    00:41 ▶ Disclaimer
    00:46 ▶ Intro With OccupyTheWeb
    01:30 ▶ Ukraine Web Cam Hacking
    03:55 ▶ Finding Russian Superyachts With OSINT
    05:47 ▶ Why Track Russian Superyachts?
    09:10 ▶ Russian Oligarchs
    10:54 ▶ The KZread Comments/OccupyTheWeb is Not CIA/NSA
    12:37 ▶ It's Not About the US
    13:09 ▶ Getting Started with OSINT and OSINT Tools
    14:51 ▶ OSINT As a Career
    15:22 ▶ Other Uses For OSINT
    16:38 ▶ OSINT Can Find Anything About Anybody
    18:21 ▶ Phones/How To Avoid Being Tracked
    19:22 ▶ Turning Off Your GPS Doesn't Stop Tracking
    20:35 ▶ Use a Burner Phone
    23:30 ▶ Tips To Stay Anonymous Online
    26:36 ▶ Different Physical Machine vs Virtual Machine for Privacy
    28:08 ▶ Cellphone Networks - IP Addresses
    29:36 ▶ Before We Talk About SCADA
    33:49 ▶ SCADA Hacking As The Nuclear Option
    38:25 ▶ Why Would It Be The Nuclear Option?
    40:11 ▶ SCADA Hacking Example/The Colonial Pipeline
    42:13 ▶ The Difference Between a Traditional IT System and a SCADA System
    44:07 ▶ SCADA Protocols
    46:03 ▶ SCADA Hacking Example/Stuxnet
    49:06 ▶ Why Are These Systems Connected To The Internet In The First Place?
    51:52 ▶ Almost All SCADA Systems Are Online
    52:24 ▶ How To Find SCADA Systems Online
    56:51 ▶ Why SCADA Attacks Aren't Simple
    57:57 ▶ But There Is Still A Huge Risk For SCADA Attacks
    01:01:39 ▶ How Companies Can Secure Their SCADA Systems
    01:03:07 ▶ People Don't Do What They're Supposed To Do
    01:05:00 ▶ Final Thoughts/Teaser For The Next Video With OccupyTheWeb
    01:05:30 ▶ Closing/Leave a Comment!
    // OTW Discount //
    Use the code BOMBAL to get a 20% discount off anything from OTW's website: davidbombal.wiki/otw
    // Previous video //
    OTW video 1: kzread.info/dash/bejne/eamYu5mRidLbgs4.html
    // David's SOCIAL //
    Discord: discord.com/invite/usKSyzb
    Twitter: twitter.com/davidbombal
    Instagram: instagram.com/davidbombal
    LinkedIn: www.linkedin.com/in/davidbombal
    Facebook: facebook.com/davidbombal.co
    TikTok: tiktok.com/@davidbombal
    KZread: kzread.info
    // Occupy The Web social //
    Twitter: twitter.com/three_cube
    // Occupy The Web books //
    Linux Basics for Hackers: amzn.to/3JlAQXe
    Getting Started Becoming a Master Hacker: amzn.to/3qCQbvh
    // Occupy The Web Website / Hackers Arise Website //
    Website: www.hackers-arise.com/?afmc=1d
    Using OSINT to find Yachts: davidbombal.wiki/osintyachts
    Can the CIA or other Intelligence Agencies Track My Every Move: davidbombal.wiki/ciaphonestracking
    SCADA Hacking: The Key Differences between Security of SCADA and Traditional IT systems davidbombal.wiki/scada1
    SCADA Hacking: Finding SCADA Systems using Shodan davidbombal.wiki/scada2
    Shodan: Using Shodan to Find Vulnerable Russian SCADA/ICS Sites davidbombal.wiki/shodan
    SCADA Hacking: The Most Important SCADA/ICS Attacks in History www.hackers-arise.com/post/scada-hacking-the-most-important-scada-ics-attacks-in-history
    SCADA Hacking: SCADA/ICS Protocols (Profinet/Profibus) www.hackers-arise.com/post/2017/07/07/scada-hacking-scadaics-protocols-profinetprofibus
    Lots of Scada content: www.hackers-arise.com/scada-hacking
    // In the News //
    Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems: www.wired.com/story/pipedream-ics-malware/
    Ukrainian power grid 'lucky' to withstand Russian cyber-attack: www.bbc.co.uk/news/technology-61085480
    An Unprecedented Look at Stuxnet, the World's First Digital Weapon www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
    // Other books //
    The Linux Command Line: amzn.to/3ihGP3j
    How Linux Works: amzn.to/3qeCHoY
    // MY STUFF //
    www.amazon.com/shop/davidbombal
    // SPONSORS //
    Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
    Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

  • @justaddjeff1988

    @justaddjeff1988

    2 years ago

    You are a hero!

  • @dhirajer
    @dhirajer 2 years ago

    Absolutely a gem of a video. I belong to Industrial control systems and have been working in the industry since 2005. Each and everything in the video regarding SCADA is explained wonderfully and the cyber security vulnerabilities involved. Most of the PLC manufacturers have tightened up their security portfolio by either collaborating with cyber security companies or developing their products. IEC 62443 is the standard being followed that addresses cybersecurity for operational technology in automation and control systems.

  • @ricke7298
    @ricke7298 2 years ago

    OTW needs to be booked monthly on this channel > Valuable information!

  • @TANKBM
    @TANKBM 2 years ago

    Mr. David, I think you are a wonderful person. You are the only one who gives us all these lessons and helps us understand what the digital forest looks like. Thank you for these great seminars and we support you very much.

  • @davidbombal

    @davidbombal

    2 years ago

    You are very welcome! And thank you so much for your support!

  • @jasonpitts8395
    @jasonpitts8395 2 years ago

    OTW round 2! I'm a pro member on his site and his courses are awesome! As always David you have the absolute best content on KZread. No one else is even close.

  • @davidbombal

    @davidbombal

    2 years ago

    Thank you very much Jason. Some people are asking about his content in the comments. Perhaps you can answer some of them based on your experience?

  • @AxtionMag

    @AxtionMag

    2 years ago

    PROPAGANDA.

  • @JeffNoel
    @JeffNoel 1 year ago

    I've been going through these and props to you David for keeping the opinions of your interviewees uncensored. This is the way to interview people. And you do a great job in remaining neutral too.

  • @robotron1236

    @robotron1236

    8 months ago

    As much as I disagree with OTW on attacking Russia, I agree with you on censorship. All opinions need to be heard, especially ones I don’t like. I don’t think Russia is the good guy here; but risking nuclear war, over a country like Ukraine, is absolutely insane. I don’t blame people for being revolted by this, but it feels like there are no adults in the room assessing the actual real world risks. Either that, or they just don’t care about the US being annihilated in a nuclear war. The latter may be closer to the truth.

  • @ringerbart

    @ringerbart

    6 months ago

    What's more disturbing is the fact that Ukraine receives 120 million € per day and we hear nothing about the war anymore. As if paying more taxes through inflation will solve a war. I can't believe these 'elite hackers' are that gullible to claim Jan 6th was an insurrection while the protestors basically got a guided tour of the building as security camera footage has revealed.

  • @Boss_Zlatan_
    @Boss_Zlatan_ 2 years ago

    great content and finally someone very seriously in this article that was talked about. The tranquility of the guest to respond is someone who understands everything that was said. I was glued to the screen for a while hehe Congratulations, the world needs people who understand and master these tools, but who use them for good.

  • @sajjandharel4207
    @sajjandharel4207 2 years ago

    After the first video, I read Linux Basics for Hackers. It's a very good book. You will learn a lot. The way it is presented makes you learn more and more. You never get bored reading the book. After finishing the book, I downloaded other books but never get engaged. I wish I could get the new book.

  • @litayem
    @litayem 1 year ago

    I just finished watching this interview and I must say, it was incredibly informative, Occupy The Web consistently delivers valuable insights by providing excellent real-world examples, which truly elevates the learning experience. It's always a pleasure to watch such content. 😀 Amazing work!

  • @ArthurTugwell
    @ArthurTugwell 2 years ago

    This is fantastic David, one of the best interviews with a hacker I’ve ever seen!

  • @davidbombal

    @davidbombal

    2 years ago

    Thank you!

  • @ArthurTugwell

    @ArthurTugwell

    2 years ago

    @@davidbombal no problem mate keep up the great work and here’s to 1m followers fast approaching 🎉🎉🎉🎉

  • @ch3fski

    @ch3fski

    2 years ago

    Check out the interview with Gummo on Sof White Underbelly

  • @ArthurTugwell

    @ArthurTugwell

    2 years ago

    @@ch3fski seen them mate, very interesting. It’s amazing what a talented hacker can do with the right resources

  • @daviddavis8476
    @daviddavis8476 2 years ago

    I'm a maintenance technician studying for the IT field. I deal with PLCs on a regular basis; it never occurred to me that they could be a vulnerability. However, during the discussion everything kinda clicked because of my experience with industrial systems and PLCs. Really enjoyed this one, thank you.

  • @Braddeman
    @Braddeman 2 years ago

    The problem with the burner phone is we have used a warrant to get photos from Walmart because Tracfone was able to give us the point of sale then we were able to get Walmart to give us footage of the suspect at the register so we got a great description that led us to the suspect.

  • @filbertapplebag5663

    @filbertapplebag5663

    2 years ago

    Yes, I don't think this guy understands how the baseband modem works in relation to the carrier. That's where the back doors for governments are, and all communications providers operating in the USA are legally required to have these backdoors.

  • @Braddeman

    @Braddeman

    2 years ago

    @@filbertapplebag5663 definitely government also have stingray devices that can track cellphones and can tell what apartment and what floor you are on in a complex. It is amazing when locating criminals or terrorist but scary in the wrong hands. It has to be a pretty bad crime to break that bad boy out. No gps needed just a cellphone signal. Also with the patriot act in certain circumstances law enforcement doesn’t even need a warrant to locate your cellphone.

  • @kylegood2622
    @kylegood2622 2 years ago

    I can't believe D-Bomb is almost to 1mil. I am new to the field, but had to config an HP switch and set up to tftp to a Mac a few weeks back, and used one of your videos from like 9 years ago lol. Persistence has paid off, my friend. So cool to see

  • @mytechnotalent
    @mytechnotalent 2 years ago

    OTW is the real deal. He has great books and does much to educate the public on Cyber education.

  • @dieselstruck
    @dieselstruck 2 years ago

    Great content as always! I have thought of starting a podcast discussing different types of networks. We are literally surrounded by networks yet we have no idea they're there, completely transparent to the mere mortals. A few examples are Ham radio networks. There's a lot of not only voice communication going on but a lot of data like APRS, JS8, WSPR and a bunch of other protocols. Also satellite communications for different purposes like weather monitoring, flood warnings, body of water measurements and geological research. A lot of these are accessible through radio signals which can be picked up by an SDR dongle or a more advanced HackRF. All of these networks carry valuable information that can be useful.

  • @davidbombal

    @davidbombal

    2 years ago

    Thank you Daniel. Agreed - lots of networks that people are not aware about.

  • @kylegood2622

    @kylegood2622

    2 years ago

    Dude I will listen to that

  • @hoatolagbe1

    @hoatolagbe1

    2 years ago

    @Daniel Padin - yes, you are right about gamut of networks that we often overlook. Even our body is a network of systems.

  • @jpierce2l33t
    @jpierce2l33t 2 years ago

    Same in the US - my cell IP shows up several states away, but my home ISP will hit in the same town. Great stuff David!

  • @seanluvuno8102
    @seanluvuno8102 2 years ago

    Hey Mr Bombal, love from South Africa, Soweto🖤. It’s nice to have someone to look up to, especially from a country where tech isn’t much embraced. Thank you so much for your efforts. Inspires me as a 17 year old teen to pursue Ethical Hacking.

  • @davidbombal

    @davidbombal

    2 years ago

    Never give up on your dreams!

  • @FreedomForKashmir
    @FreedomForKashmir 2 years ago

    I have been in the computer science and IT field for about 4 years now. But this video today just opened a whole new world (actually universe) to me. I didn't know there is a lot of really interesting stuff going on in the world that I can explore as well, other than just being a developer.

  • @sheilachebet3280
    @sheilachebet3280 2 years ago

    I can't believe I'm getting this content for free. Thanks David!!

  • @m1kr0kosmos
    @m1kr0kosmos 1 year ago

    That bit about you not editing people… you’re the man. I wish media had as much integrity as you.

  • @mJoX37B
    @mJoX37B 2 years ago

    Yes Please! Make another video to continue on the subject of ICS systems, Thank you David.

  • @murtadha96
    @murtadha96 2 years ago

    Great content as always. Thank you David!

  • @Child0ne
    @Child0ne 2 years ago

    david dont change a thing i like when this guy gets into different things that might be uncomfortable but its all things we love to learn and hear

  • @Mbro-dq2do

    @Mbro-dq2do

    1 year ago

    absolutely

  • @E2EK131MM
    @E2EK131MM 2 years ago

    I think it's also important to highlight the friction between OT and IT business objectives during a cyber attack. Generally if an IT department is compromised they pull the pin on network connections and reformat. If OT and or ICS is compromised... And the services (generation / distribution) are still flowing, that takes precedence due to financial ramifications or damage to equipment.

  • @aayushnepal8795
    @aayushnepal8795 2 years ago

    Great thing to motivate the self to learn after hearing this type of educational content. Thanks David...

  • @Child0ne
    @Child0ne 2 years ago

    don't hold anything back david we love learning we want to know the good the bad the ugly, i appreciate you trying to keep the conversation on OSINT and hacking but it definitely is cool to hear all the other crazy things this guy knows we would a deep dive of this guys brain

  • @venividicredi4993

    @venividicredi4993

    2 years ago

    Problem is he admits he salting his information from the outset - meaning its worth taking all non technical opinion with pinch of same. ie why would Russia turn lights out in a NATO country like Poland when Biden (or Macron) could credit Putin with similar attack on Saudi that puts oil price so high it forces the green agenda and renders new nuclear an attractive alternative to command and control central - albeit despite the industry's admitted gross negligence, known delivery performance and selectively abusive human resource record ;)

  • @ryancreamer8133
    @ryancreamer8133 2 years ago

    Already looking forward to the next video with Occupy the Web, interesting stuff!!!

  • @xtjbx7531
    @xtjbx7531 2 years ago

    I'm 26 and on a new career path because of your videos and encouragement. Thank you ! This was super interesting. You beat netflix to what will surely be a future documentary.

  • @Gunter-zi7yy
    @Gunter-zi7yy 2 years ago

    Interesting interview. Thank you David, for bring us this kind of content.

  • @Kim-jg6zt
    @Kim-jg6zt 2 years ago

    So needed for these times, great information guys.

  • @legatuslabienus
    @legatuslabienus 2 years ago

    I love your content. Thank you for making informative videos like this easily available.

  • @danieltracy2261
    @danieltracy2261 2 years ago

    I love SCADA, I work with it fairly often.

  • @akshaypotdar1840
    @akshaypotdar1840 2 years ago

    Brilliant, have been waiting a long time for industrial network-related stuff, it helps in hardening the system. Thanks very much!

  • @davidbombal

    @davidbombal

    2 years ago

    Hope you enjoy it Akshay!

  • @armikatollo4449

    @armikatollo4449

    2 years ago

    👍✊🇺🇦

  • @KristinaKarina
    @KristinaKarina 4 months ago

    I am so glad you addressed these issues in these series of videos. It was quite disconcerting, and has raised my awareness concerning hacking by governments worldwide.

  • @Kat-hj8vh
    @Kat-hj8vh 2 years ago

    Wow, I have been watching this video for 5min, and I'm already SUPER hooked. This is an amazing interview, thank you very much for this! I want to learn more stuff about cyber security and hacking, so this is great for me :))

  • @davidbombal

    @davidbombal

    2 years ago

    Thanks for your support!

  • @brainiac61
    @brainiac61 2 years ago

    Thanks David ! Your Video shares a lot of knowledge.

  • @davidbombal

    @davidbombal

    2 years ago

    Glad you enjoyed the video!

  • @Polandisch
    @Polandisch 2 years ago

    Great interview, David! Thank you! I wish you will interview Occupytheweb again and even some other experienced hackers!

  • @bigappleplug6021
    @bigappleplug6021 2 years ago

    What a lawful abiding hacker. The ISP "knows" him. What a lad there be now 👏

  • @OldManRogers
    @OldManRogers 1 year ago

    It's nice to see a fair and level approach to geopolitics other than 'Russia bad US good'

  • @claudespeed13579
    @claudespeed13579 2 years ago

    This content is gold, thanks David

  • @dragonsage6909
    @dragonsage6909 2 years ago

    This was a great interview, I've read several of his books, great info.. the radio hacking bit at the beginning reminded me of Van Eck Phreaking.. very informative, thanks David!

  • @davidbombal

    @davidbombal

    2 years ago

    Glad you enjoyed it!

  • @mrnord1989
    @mrnord1989 2 years ago

    Great interview, would like to see more :) Keep up the good work!

  • @dhirajer
    @dhirajer 2 years ago

    Hi David, please add more content around cyber security of Industrial control systems. As this IT/OT convergence is going on, the lines between resources and skills are getting blurred. Collaboration among stakeholders has become so much important. But the traditional ways of working of either parties creates obstacles around implementation and execution. You may add some more interviews content of people who are working in both the fields and could shed some more light on the ongoing advancements, practices and information. Walker Reynolds of Industry 4.0 KZread channel has some excellent content. Thanks and Regards

  • @TechAIme
    @TechAIme 2 years ago

    Such great knowledge from this interview thank you David sir

  • @christiankjrbl8397
    @christiankjrbl8397 2 years ago

    This was really awesome. Looking forward to the follow-up!

  • @davidbombal

    @davidbombal

    2 years ago

    Thank you!

  • @BrianCarey
    @BrianCarey 9 months ago

    These chats are excellent, thanks to you both!

  • @3mar1997
    @3mar1997 2 years ago

    lots and lots of good knowledge, it opened my eyes to lot of things that i didn't know, thank you David

  • @davidbombal

    @davidbombal

    2 years ago

    Glad to hear it Omar!

  • @errollgnargnar9534
    @errollgnargnar9534 2 years ago

    David thank you so much for making this video. Not a bot

  • @rawlingsobama4556
    @rawlingsobama4556 2 years ago

    Thanks to your educational videos that did welcome me into the cyber security field, and it’s more interesting than I thought. Watched the first interview and it’s been an eye opener into the world that we're living in. Am a mechanical engineer, car enthusiast and now into cyber security

  • @Si3r3

    @Si3r3

    2 years ago

    Same here

  • @FushigiMigi
    @FushigiMigi 2 years ago

    Thanks for doing this David.

  • @satyasaran3567
    @satyasaran3567 1 year ago

    It's very exciting to see you and occupy the web discussing these topics

  • @peteainsworth294
    @peteainsworth294 2 years ago

    Another great interview. 😀👍

  • @bharathhari8386
    @bharathhari8386 2 years ago

    Thanks looking for scada based videos from many days keep continuing the series please make few more videos on OT/SCADA/ICS and plc hacking and more . Finally thanks for video

  • @hoatolagbe1
    @hoatolagbe1 2 years ago

    Excellent job both of you!! Thank you very much for the eye opener and free lesson. I share the same conclusion with you regarding the Ukraine-Russian war - No country should be allowed to run-over another country in today's world just because the country is stronger or greater. The mistakes of the past should stay with the past - this is our generation. No more barbaric acts. For sure, I will be one of your subscribed registered students shortly. Already bought one of your books from Amazon. I just needed to complete a couple of certifications in wireless engineering, then I'll be onboarding to your classes. My background would enable me to excel in the field of hacking.

  • @billybuck2713

    @billybuck2713

    2 years ago

    Tell that to north korea :(

  • @kendrickbusyhome4514
    @kendrickbusyhome4514 2 years ago

    Much love David I always get impacted by your content

  • @davidbombal

    @davidbombal

    2 years ago

    Thank you Kendrick!

  • @timbisel4600
    @timbisel4600 2 years ago

    I work as a Network Security Administrator for an energy company. For power plants we need SCADA online to communicate to regional systems to record our output and get paid for generation output. We literally couldn't operate as a company without it. As far as monitoring the network that is a 24/7 job for these locations because they need to run the plant.

  • @EETechStuff

    @EETechStuff

    2 years ago

    I think those of us who've worked in energy companies since the 70s and 80s, when SCADA was either non-existent or in very limited use, might disagree. Not to mention the countries around the world where SCADA is still in very limited use.

  • @aira8824
    @aira8824 2 years ago

    amazing and a different interview based on vast scenario

  • @davidbombal

    @davidbombal

    2 years ago

    Thank you!

  • @isaiasmadridmadrid1422
    @isaiasmadridmadrid1422 2 years ago

    awesome video, I just barely actually started understanding what I'm doing when it comes to like the cyber security field and this was an awesome video that made me want to further my education

  • @cosmicjustice1247
    @cosmicjustice1247 2 years ago

    Heyy man I'm new here and I'm loving your videos, keep up the great work!!❤️

  • @XAstradomX
    @XAstradomX 2 years ago

    Great interview. Have you thought about putting your interview content on Spotify? I'd love to download and listen in my car.

  • @justinboss4131
    @justinboss4131 2 years ago

    love this videos with OTW..... thank you David

  • @davidbombal

    @davidbombal

    2 years ago

    You're welcome Justin!

  • @jasonzhang4632
    @jasonzhang4632 2 years ago

    Two criminals fight each other, winner becomes the hero

  • @garoka100
    @garoka100 4 months ago

    Wow this guy is very knowledgeable. Just bought his book yesterday.

  • @dastaan.
    @dastaan. 2 years ago

    Always informative & inspiring

  • @davidbombal

    @davidbombal

    2 years ago

    Glad you think so!

  • @brooklynzoo81
    @brooklynzoo81 2 years ago

    This was very informative. Thanks!

  • @hatemaliyan3933
    @hatemaliyan3933 2 years ago

    Hope to discuss how to use VPS for the ethical hackers and how useful is that for them. Thank you for everything David.

  • @osamazynladen_

    @osamazynladen_

    2 years ago

    he already has multiple times, and it's called a vpn

  • @z3jlewhhda376
    @z3jlewhhda376 2 years ago

    Thanks for the informative videos..

  • @thesugarglider6827
    @thesugarglider6827 2 years ago

    your videos are really great. I mean in just one video I gained sufficient information about the topic. Thanks Man.

  • @davidbombal

    @davidbombal

    2 years ago

    Happy to hear that!

  • @mattmart2888
    @mattmart2888 2 years ago

    Very interesting and a great guest!

  • @fredflintstone8048
    @fredflintstone8048 1 year ago

    I have had a long career of working with SCADA / PLC systems. Originally there was not much of a network infrastructure, and the little that existed was for business, education, and of course military systems. SCADA networks were all stand alone and used non IP types of networks and protocols, and as such not attackable from the outside at all. As time passed and business management demanded data from the industrial control systems they were connected and many became quite vulnerable to attack once IP technologies were made a part of the PLC tech. This was often due to the ignorance of the vulnerability of the systems to the internet on the part of those 'hooking in'. In my involvement the efforts were made to put the SCADA/PLC networks behind a very restrictive firewall. Usually a restricted handful of IP addresses were allowed to cross the firewall into the control system networks. I've worked a lot with the Modbus over IP protocols as well as BACnet. These systems have virtually no useful security in themselves so access to them MUST be controlled. One further point since the hacker mentioned Modbus is that Modbus is not a discovery type of protocol. It's a protocol that allows reading and writing to registers (numeric values or control bits ) and coils (on off digital positions).. You have to have further knowledge of how the PLC is connected to devices in the field which the protocol does NOT provide for you. Sure, one could randomly turn off coils, and inject values into registers and create mayhem, but if one wanted to specifically control a particular valve for example, or like the Stuxnet scenario where they wanted to spin up the centrifuges to a higher rpm, you need a lot of additional process data that's outside the actual PLC network..
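
The point made in the comment above, that Modbus only reads and writes numbered registers and coils and so access has to be restricted to a few allowed IP addresses, can be checked passively on captured requests. This is an added example, not part of the original comment or the video; the allowlist addresses, function names and sample frames are constructed assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

# Standard Modbus function codes for the register/coil operations described above.
READS = {1: "read coils", 2: "read discrete inputs",
         3: "read holding registers", 4: "read input registers"}
WRITES = {5: "write single coil", 6: "write single register",
          15: "write multiple coils", 16: "write multiple registers"}

# Assumption: the "restricted handful" of hosts allowed to reach the PLC network
# (addresses come from the documentation ranges, not from real systems).
ALLOWED = [ip_network("192.0.2.10/32"), ip_network("192.0.2.20/32")]


def build_request(tid, unit, func, body):
    """Build a Modbus/TCP request; used here only to construct sample input."""
    # MBAP header: transaction id, protocol id (0), length of what follows, unit id.
    return struct.pack(">HHHBB", tid, 0, len(body) + 2, unit, func) + body


def parse_request(frame):
    """Decode the MBAP header and the address fields of a request."""
    if len(frame) < 8:
        raise ValueError("too short for MBAP header and function code")
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    req = {"transaction": tid, "unit": unit, "function": func,
           "kind": "other", "name": "function 0x%02x" % func}
    if func in READS or func in WRITES:
        if len(frame) < 12:
            raise ValueError("request body is truncated")
        address, second = struct.unpack(">HH", frame[8:12])
        req["address"] = address
        # Codes 5 and 6 carry the value to write; the others carry an item count.
        req["value" if func in (5, 6) else "quantity"] = second
        req["kind"] = "read" if func in READS else "write"
        req["name"] = READS.get(func) or WRITES[func]
    return req


def review(src, frame):
    """Return (severity, message) for one request seen on TCP port 502."""
    listed = any(ip_address(src) in net for net in ALLOWED)
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return ("alert", "%s sent a malformed frame: %s" % (src, exc))
    # Note what the frame lacks: no user, no credential, no tag name. It only
    # says "unit N, address A", which is why access has to be filtered by source.
    what = "%s, unit %d" % (req["name"], req["unit"])
    if "address" in req:
        what += ", address %d" % req["address"]
    if not listed:
        return ("alert", "%s is not on the allowlist: %s" % (src, what))
    if req["kind"] != "read":
        return ("log", "%s (allowed): %s" % (src, what))
    return ("ok", "%s (allowed): %s" % (src, what))


# Constructed sample traffic.
READ_REGS = build_request(1, 1, 3, struct.pack(">HH", 0, 10))
WRITE_REG = build_request(2, 1, 6, struct.pack(">HH", 100, 1500))
WRITE_COILS = build_request(3, 1, 15, struct.pack(">HHBB", 19, 3, 1, 0b101))
TRUNCATED = READ_REGS[:9]
SAMPLE = [("192.0.2.10", READ_REGS), ("192.0.2.10", WRITE_REG),
          ("203.0.113.7", READ_REGS), ("203.0.113.7", WRITE_COILS),
          ("192.0.2.20", TRUNCATED)]

if __name__ == "__main__":
    for src, frame in SAMPLE:
        print("%-5s %s" % review(src, frame))
```
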

  • @michaelr.3799
    2 years ago

    Great discussion. Big fan of three cube.

  • @UnLiMiTEDrX
    2 years ago

    Wow, this guy's ability to sit very still without moving at all is very impressive! 😂

  • @ChristineSpringerElaine
    2 years ago

    This is excellent! Thank you!

  • @davidbombal
    2 years ago

    You're welcome Christine.

  • @gerybrag
    2 years ago

    Good point, no continuity, no experience no money to fix...

  • @GregRutkowski
    2 years ago

    Love the content...GREAT STUFF!!!

  • @calmeidazim
    2 years ago

    Thank you, you are the best, David, great interview

  • @Child0ne
    2 years ago

    SUCHHHH A COOOL PODCAST DAVID !!! THIS IS AWESOME!!!

  • @solomonvandi8483
    2 years ago

    dave thank u so much the point u pick the people u bring very interesting

  • @davidbombal
    2 years ago

    Thank you Solomon

  • @joshh4005
    2 years ago

    good content with OTW, stumbled upon these videos as I was looking to learn hacking and OTW's content is really good. I recommend starting with his stuff as a beginner. Keep these videos coming

  • @markweiss5152
    2 years ago

    Wireless IP security cameras often use default passwords. I have seen this first hand, because the installer assumed the IT department would change it.

  • @JohnD0h_IT
    2 years ago

    Always great video with you David! Maybe it could be a good time to have an interview with Neal 'Mr. ex NSA' to tell us what he thinks about all the things that are happening with Russia at this moment?

  • @damonbartha2661
    2 years ago

    Sir, this is a channel for educational videos. I personally would not like to see politics in here as much as possible. It is inevitable of course due to the topic, but let's not start sharing political ideas, innuendos and ideologies; let's not get Neal or anyone else mixed in a political issue that has nothing to do with the channel, please keep this "certain culture" at a low. I respect David for many reasons, but in this video keeping it less political and more educational wins my heart. Occupy the web, I have nothing but good wishes to you and I wish you lots of luck, and please pop in more, I really value your inside information :D

  • @retroluminico
    2 years ago

    David, I have learned a lot from your channel and this is no exception, but I have a little thought about this thing about Russian oligarchs. It would be nice to make uncomfortable oligarchs from every powerful nation that starts and maintains unfair conflicts with smaller countries

  • @--5916
    1 year ago

    This guy needs a podcast right now! :)

  • @wtfgeis
    2 years ago

    I would LOVE to see more active Scada hacking demos from OTW! Would be badass to see him actually demonstrate on a few different targets how easy it really is.

  • @hansfoodchallenge
    2 years ago

    Thank you!! Respect

  • @SuperProgamersFuck
    2 years ago

    I agree with the whole Ukraine thing, but Tinkoff actually was one of the first ones to say publicly that he is against the war. He's actually a very kind guy, and lost his business shares now, because of his opinion.

  • @MangolikRoy
    2 years ago

    I'm very happy to see how you are conquering your successes and getting ready to achieve another level of success. Believe me, it gives me so much pleasure because I started to watch your videos a long, long time ago. That David Bombal and today's David are no different except for the success and the growth you achieved these days. By God's grace you will reach every milestone that you want to. And I believe by June our family is gonna reach 1m subs 🎉. Keep it up David 👍

  • @EETechStuff
    2 years ago

    David, I've been an EE in the electric power industry for almost 45 years, working on engineering and design of the control systems your guest is discussing, and he's right on the mark regarding SCADA. But keep in mind (at least in the power industry) that it's not certain that access to SCADA could automatically result in anything more than a brief outage and inconvenience in many/most cases. Yeah, you could open and close circuit breakers and cut power to customers, etc., but unless they can find some way to cause significant damage (which would also require disabling the local protective devices) it may result in just a brief outage until technicians get there to restore everything. And at least in the power industry, it's very easy to disable the SCADA controls if a company is concerned about (or notices) outside access. Worst case, just have a technician drive up to the station and flip some switches and it's all in local mode. And also keep in mind that way back when SCADA was barely a thing, power systems operated very happily 24/7 with no need for networked SCADA. Local control systems and/or local operators controlled the equipment as things change, with nothing more than an occasional dial-up phone call in some locations to make things happen. And if something bad happens, you send a technician out to the station and he does his thing. As your guest mentioned, while SCADA definitely is more convenient and allows you to have a smaller staff, in many/most cases it may not be nearly as critical as we might think. The real concern, IMO, is the fact that these are actual, physical stations that are in every neighborhood, and anyone can just drive by and toss something over the fence. And it's been that way for many decades, even before there was an internet. So perhaps SCADA and internet isn't the real concern.

  • @chillydickie
    2 years ago

    Most already have smaller staff, all it takes is to overload the techs. I agree with local control, esp. with power systems. But after everything is in local control, then it would be possible to just overwhelm with so many issues all over the place. The scale matters. Some attacks force local control, then surge demand downstream which triggers the safety and will cascade. Most attacks don't target one specific controller. In fact Stuxnet (as far as is known) is weird in that it did only one thing. I agree on physical security too. Too large an attack surface is probably the real problem... (keep out signs don't really work. Haha). Keen to hear more from people in industry. Was only in the industry for a short stint.

  • @EETechStuff
    2 years ago

    @chillydickie Keep in mind that, at least here in the US, and in many countries, the power companies are really good at responding to major outages of millions of customers over a wide area caused by major storms. And we're talking storms that cause actual physical damage of the equipment. In fact we just had a storm a week or so ago that caused some people to lose power for 2-3 days. Yeah, it was a pain, but they pull in help from many surrounding states to do repair and usually it's over for most relatively quick. Moreover they're all part of a huge electrical grid that covers 1/2 of the US and provides backup if some plants go down. And the critical loads usually have their own private generators. Life goes on. So what? Are hackers going to be able to cripple a huge area worse than that and do much more damage so that it becomes debilitating? A lot of people want to believe they can sit behind their computers and download some software and rule the world because it sounds fun and exciting, but the real world doesn't work that way. You have to actually understand stuff. Especially complex technical stuff like this.

  • @chillydickie
    2 years ago

    @EETechStuff Cool. Glad to hear some real world examples of response times. I guess power systems are not as vulnerable at the downstream end. Although I do think other industrial systems won't fare any better.

  • @EETechStuff
    2 years ago

    @chillydickie But the problem is that hypothetical generalities like that are kind of irrelevant. Yeah, you can always find a hypothetical case of what seems like a more vulnerable installation, but the point is that it's like a barking dog chasing a car. Okay, dog, when you catch it what are you going to do with it? In the real world you'd need a big team of experts in many fields to understand the equipment and operating conditions well enough that they could pinpoint a workable scenario, if they can even find one. People love to repeat "stuxnet", but until they can actually understand the equipment enough to reproduce their own stuxnet they're just doing a lot of empty handwaving.

  • @jeffm3986
    7 months ago

    Fantastic Interview!!

  • @elkins540
    2 years ago

    Great content David.

  • @machikr
    2 years ago

    This guy is amazing. The scary part is most people are clueless about the danger.

  • @shozafwali5672
    2 years ago

    It's called OT security, I'm currently studying..

  • @rajmaharjan9828
    2 years ago

    Ok… turning into a darknet diaries. Love it David!

  • @camdusso1103
    2 years ago

    Thank you!!

  • @scoobtoober2975
    2 years ago

    I feel dirty just posting here. I'm familiar with these systems. Modern new places will have independent safeties for all equipment. Usually 3 devices on anything major. 2 out of three are not tied to any PLC or controller. Older ones not so much. And then devices are not checked or cycled on a regular basis. But if all are modernized, one valve will not melt it down. Typical sites will not be on the internet at all. Major sites will have top notch IT surrounding it. But it's a huge expense and it is needed. The amount of money per hour is astronomical for down time or just production profits. But one major takeaway is that operators or the people on the computers running the sites need to be educated on these types of things. All of them. Like at a corporate work place where you watch training videos telling you not to mess with fellow workers. Don't install software some bloke on the phone told you to. Or go to this site and type in this code. I'm guessing this is the social attack.

  • @lycosa2000
    1 year ago

    As a process control engineer who's been tasked with security in the last few years, I've digested so much of this in order to attempt to secure my company's systems. All I'll say is that this statement is absolutely true.... most of this world's ICS's are at least 10 years behind their network in the form of security. It's far easier to destroy something through a PLC than it is through a network. With physical access, it's a guarantee. If you're in a chemical plant, a nuclear plant, any plant that might have a turbine generator that uses steam or deals with caustic/acidic/toxic chemicals, this is something to be extremely concerned about. While a network hack might be more difficult, a cyber-attack onsite is almost a guarantee. Scary stuff.

  • @waldoungerer236
    1 year ago

    thanks this is great material

  • @BobBob-qm2bm
    2 years ago

    As STOK said on this channel, Cyber is thirsty as "_uck! More trained people are needed... David, Thanks for the content while keeping it real and relevant.
