Speaker
Brice Copy
(CERN)
Description
In the past few years, the landscape of cyber threats against critical infrastructures has dramatically changed, with the advent of sophisticated and targeted attacks backed by large and extremely well organized teams. Vendors and asset owners have been implementing the required policies and best practices to reduce the chances of a disaster reoccurring, but we can argue that the foundations are still shaky, as actual devices are still not subject to rigorous robustness testing.
In this talk, we will take a look at initiatives launched by the French National Agency for Information Systems Security (ANSSI) and the German Federal Bureau for Cybersecurity (BSI) to offer an open-source fuzzing platform that will support both a black-box, fire-at-will testing approach and a much more surgically precise way of testing network-enabled industrial control devices.
Author
Brice Copy
(CERN)
Co-author
Filippo Maria Tilaro
(CERN)
