
Hack The Sea at DEF CON 27


  • Hack The Sea at DEF CON 27


    In 1995, when the fictitious Dade Murphy and his friends stopped oil tankers from being capsized by a virus in the movie “Hackers,” “digital piracy” was just a euphemism for copyright infringement and sharing music. Today digital piracy is anything but a euphemism or fiction. From breaches by pirates seeking cargo information, to denial of service (DOS) attacks on offshore oil platforms, there are very real threats to the maritime sector.

    Modern ships are increasingly automated with industrial control systems (ICS), and networked via satellite and cellular broadband communications, making them a floating extension of the Internet of Things (IoT). $19 Trillion in goods, about the value of the entire U.S. economy, is transported by these ships annually, providing a strong incentive for criminals to attack the computers on which the maritime industry now depends. Beyond the financial stakes, these cyber-physical attacks pose significant risk to public safety and human life.

    Hack The Sea, a three-day mini-conference organized by I Am The Cavalry, in collaboration with Fathom5, Project Gunsway, The Maritime and Port Security ISAO (MPS-ISAO), and American Bureau of Shipping, will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops to a ship-hacking CTF (PDF attached), to challenge the infosec community to apply their skills, red and blue, to protect our maritime critical infrastructure and human lives at sea.


    Hack The Sea--CTF (Capture The Flag)
    Fathom5 security, with help from Project Gunsway, will be hosting a capture the flag on Fathom5’s GRACE environment, a maritime infosec lab used to teach ship hacking skills, originally developed for the US Navy. The game will provide aspiring “pirates” access to a table-top “ship” composed of real maritime systems that participants will be encouraged to pillage and plunder. At least one full day will be reserved for “open” hours for casual participants to gain familiarity with the systems, which range from radar, GPS, and AIS gear to PLCs used for engineering controls. Once participants have gained their “sea legs” they’ll be encouraged to form teams and sign up for a point-based, timed competition for points and glory.

    Policy Cove
    Project Gunsway and I Am The Cavalry will be hosting daily panel discussions, and open “office hours” at a table staffed by a rotating cadre of experienced “policy hackers”, as well as representatives from relevant government and industry organizations. These subject matter experts will come together to discuss with attendees the emerging landscape of public policy, guidelines, and standards surrounding topics including port security, vessel safety, piracy, supply chain transparency and product security life-cycle in maritime OT. Exact schedule of days and times for SMEs and topics is still TBD.

    Buoy Talks and Mini-Workshops
    A lineup of half-hour informational talks, and one-hour hands-on mini-workshops, led by maritime SMEs to help infosec professionals get their bearings on maritime operational technology (OT) and communications protocols. Topics covered will include:

    * Cargo Management including smart cargo and EDIFACT
    * GMDSS including Automated Identification System (AIS)
    * Navigation including ECDIS, GPS, and radar
    * Propulsion
    * Communications including SatComs and NMEA protocols

    Boiler Room Talks
    A lineup of fire-stoking technical talks by infosec professionals on work in the maritime sector researching vulnerabilities, conducting DFIR, engineering more secure ship systems, and more. The topics and speaker lineup for these talks will be determined by a CFP and review to be held after DEF CON CFP closes.

    The Lido Deck
    A space for casual collaboration, discussion, and hands-on learning at an unstructured, leisurely pace. Project Gunsway and other organizations will provide equipment and SMEs, as well as space for participants to bring their own maritime gear for hacking or show-and-tell.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    Looking forward to 2020 and 2021!
