Security Bsides Las Vegas 2024

Emily Austin

Emily is a Principal Security Researcher at Censys, where she studies security threats and other interesting Internet phenomena. Previously, she was a security engineer focused on threat hunting, detection, and incident response. She is interested in the application of data science and analytics techniques to problems in security, and in the past has worked on projects related to anti-abuse, fraud, and malicious web app traffic detection.


Session

08-06
15:00
20min
Defensive Counting: How to quantify ICS exposure on the Internet when the data is out to get you
Emily Austin

Security researchers have warned for years about industrial control systems (ICS) connected to the Internet. Reports on the number of devices speaking ICS protocols are often used to illustrate the severity of the problem.

However, while there are indeed many ICS devices connected to the Internet, simply counting everything that looks like it may be ICS is not the most accurate method for measuring ICS exposure. Many ICS honeypots, which range from relatively easy to more challenging to detect, should be excluded from these types of analyses. Moreover, many of the devices speaking these protocols aren't connected to critical infrastructure at all, but are personal projects or lab setups.

While large numbers make for click-worthy headlines, we strive to paint a measured yet comprehensive picture of real ICS device exposure on the Internet.

In this talk, we'll discuss the analysis process from data collection to determining whether something speaking an ICS protocol is a "real" device, what these numbers mean in context, and why you really can't believe everything you see on the Internet.

Ground Truth
Siena