Researcher finds new security flaws in SCADA PLC systems, decides not to expose them at TakeDownCon.
In a blog post today at nsslabs.com, NSS CEO Rick Moy lauded the infosec acumen of researcher Dillon Beresford, saying “In the course of his research, significant additional vulnerabilities in industrial control systems have been identified, responsibly disclosed and validated by affected parties.”
Beresford’s latest research, which was set to be presented today at the TakeDownCon Security Conference here in Dallas, centered on exploiting security vulnerabilities in programmable logic controllers (PLCs) in SCADA systems. Beresford found several flaws in the systems after conducting about 2 months of NSS-sponsored research; the exploits are similar to those which led to mass outages and equipment failures at Iranian nuclear facilities last year.
In an article at Wired Threat Level, Beresford praised ICS-CERT’s handling of the matter, but added, “They just said it was far-reaching and more serious than anything they’ve ever dealt with…”