Cyber Security Tech Talk at the University of California, Berkeley

On November 28, Kaspersky Lab ICS CERT experts held the first tech talk on industrial cyber security for students of the University of California, Berkeley. The event was organized by Christel Gampig-Avila, Educational Programs Manager at Kaspersky Lab Critical Infrastructure Defense Department, and Berke1337, a group of computer security enthusiasts at UC Berkeley.

The tech talk was hosted by Kaspersky Lab ICS CERT researchers Roland Sako and Pavel Cheremushkin.

The talk was held in a video conference format: the experts used Skype to connect to the auditorium where the students had gathered.

Roland Sako introduced the main concepts of industrial cyber security and existing methods and approaches to penetration testing for industrial automation systems. He also shared some details of a real-world investigation of an incident at an industrial facility.

Pavel Cheremushkin talked about searching for and analyzing vulnerabilities in industrial systems and offered instructive examples of vulnerabilities in popular applications, such as the FFmpeg video converter, being identified and exploited.

The students listened to the experts’ presentations with great interest, asked questions on implementing protection in various systems and discussed methods used to search for vulnerabilities.

“All students demonstrated a high level of technical knowledge. They were most interested in practical issues: how long an average penetration test takes, how we interact with vendors to address the vulnerabilities found, what measures should to be taken to use various IoT devices securely,” commented Roland Sako. “The most valuable part of our communication was that we were able to share our actual experience of working and doing research in the area of computer security.”

Both the organizers and the participants look forward to such events being held on a regular basis. The next meeting of Kaspersky Lab ICS CERT experts with UC Berkeley students is scheduled for the beginning of 2018.