Date post: | 16-Apr-2017 |
Category: |
Technology |
Upload: | mike-spaulding |
View: | 197 times |
Download: | 3 times |
ATTACKING AUTOMATIONHACKING FOR THE NEXT FIFTY YEARS
THE FLINTSTONES MEET THE JETSONS
AdvisoryOpinions are my own and not the views of my employer(s)My tweets are my ownI will not discuss anything about my employer(s)
Automation History
Skipping the history of mechanical automation, Industrial Automation was first driven by Honeywell in the 1970’s.Dick Morley created the first PLC ‘The Modicon’ in 1968 for General Motors while working for Bedford and Associates.
Why Automate?Detailed tasks could be automated and they could be performed with greater speed and better quality.Modern manufacturing leverages automation & robotics to complete as many tasks as possible.
Evolution ofAutomation
As Information Technology increased in speed and power, the ability to manufacture became easier and faster. Output increased, costs reduced over time.So where did all of those manufacturing jobs go? They evaporated. Poof!
Automation over TimeConvergence occurs and the closed network of traditional automation becomes networked, open.
What are we automating?
Wind Power PlantsLicense Plate ReadersBreweriesNuclear Power PlantsHeating/HVACUse your imagination.
Getting Familiarwith Automation
Home AutomationNestBelkin WeMo (me snickers)RoombaAmazon Echo
What can we do with home automation?
IFTTT - If This Then That
What does security do today?
We Script! Yay!Python, Java, PowershellSo why do we script? We hate to do repeatable work - truth!When we buy ‘security tools’, let’s face it, we are buying ‘glammed’ up automation scripts.
Automated Network Security
Truth is: If you make everything virtual you can automate the ‘hell’ out of your environment.Aside from the perimeter, after normalizing internal traffic, much of this could be automated and compartmentalized into simple rules.
Automated Application Security
Static AnalysisDynamic AnalysisVulnerability ManagementIf you think it cannot be done, check out the AppSecUSA 2012 talk by Twitter’s Security Engineering team: Collins, Matatall, Smolen
So how do we handle the cloud?
Again, it is virtualized, so we can automate it, but should we automate security?We should take a few steps to improve the odds.We can apply these steps to any automation effort.This is LEAN AUTOMATION at its best.
So what about AI?Artificial Intelligence
We could use AI to do certain security functions. Still relatively simple, but it is progressing.Samantha West IBM WatsonMicrosoft Tay (she’s racist)
Can we use Scheherazade?
So could we harness the collective power of an information security team to automate the security response to certain situations - all based on storytelling?Evil vs. Good?
What will be automated?
Fast FoodTransportationCoffee BaristasRetail83% of jobs paying less than $20 an hour today.
Automation: A Force Multiplier
Ability to Monitor More ResourcesUse technology to its fullest; no need to bring in temps, contractors, etc.Automate Zero Day Detection and Patching (Heartbleed)
The Reality - Ready or Not
We are a long way off from having an automated ‘utopia’, but automation is coming.Security will need to adopt a new mind set - embrace virtual infrastructure, embrace the change in culture.
So what about the staff …
In the post-automated environment, InfoSec staff will be able to focus on more quality driven efforts allowing the staff to move and respond more quickly.The key will be to show the value add that the InfoSec team provides directly to the business or risk being … outsourced!
References & Resources
https://ics.sans.org/media/An-Abbreviated-History-of-Automation-and-ICS-Cybersecurity.pdfhttps://www.youtube.com/watch?v=Ivc5Sj0nj2chttps://www.troopers.de/media/filer_public/60/e7/60e7dd8b-b84f-454d-b845-7ec2dea5bf69/automating_network_security_troopers_2015.pdfhttp://www.cc.gatech.edu/~riedl/pubs/aaai-ethics16.pdfhttps://research.cc.gatech.edu/inc/open-story-generationhttp://www.vox.com/2016/3/30/11332168/obama-economists-robot-automation?utm_campaign=vox&utm_content=chorus&utm_medium=social&utm_source=twitterhttps://www.shodan.io/explore/category/industrial-control-systemshttps://twitter.com/internetofshit
Contacting Me
https://www.linkedin.com/in/therealfatherofmaddog@fatherofmaddog
Shameless plug!Consider coming to Columbus BSides 2017!!