His marching orders were clear鈥攊nfiltrate the programmable logic controller (PLC) that the plant used to control an important piece of manufacturing equipment.
The PLC management ports were protected by a firewall, but the web-enabled system dashboard was not. A flaw in the web app revealed a username and encrypted password, and after some quick decryption assistance from a colleague, this cyber expert was right where he wanted to be鈥攊nside the firewall.
With no additional security in place, the PLC was his. Now, were he so inclined, he could manipulate the equipment that it controlled, potentially causing line disruptions that would bring the plant鈥檚 production grinding to a halt.
Except, in reality, there was no plant, no line, no production. The people, the PLC, and the firewall were real, but everything else was a fiction, created for one of the S4x18 Capture the Flag (CTF) competition鈥檚 48 challenges.聽聽An annual conference focused on cybersecurity for SCADA (supervisory control and data acquisition) and ICS (industrial control systems), S4 brings together industry elites from around the globe. Held in Miami Beach, S4鈥檚 2018 CTF featured teams from as far away as Israel and Japan, and from companies as sizable as Cisco.
There defending 有料盒子APP鈥檚 S4 2017 CTF victory, Tim Nary, Tom Georgen, Rich Sala, and Ryan Brandt worked around the clock to power through challenge after challenge, including the one described above. Their efforts paid off鈥攂y competition鈥檚 end, they had firmly claimed first place.