Are CAN networks really unsafe? Well no, kinda. Maybe. I’ve spent a great deal of time working on CAN networks, and for the most part, they are extremely predictable. I’ve never actually seen an attack in the “wild” in ICS on a CAN Bus. So why protect them? Simply put they are everywhere! You’ll be hard-pressed to walk into an oil refinery and not find them, you can’t drive home or fly on a commercial airliner without them.
So whenever I dove into this issue, it was to solve the issue demonically and once and for all. I presented my findings at S4 (A major cyber security convention focusing on the energy Industry) I had kind of mixed feedback about the research. Understandably because most people in the room didn’t seem to be aware that it wasn’t just something in your car, this is where cyber security has a major downfall. The same guy/girl experienced enough to work on an IDS is rarely an electronics engineer and vise versa… The video below explains at a high-level what exactly forensics are on a CAN Bus.
So when the report from ICS-CERT was published without thorough mitigation. I saw this as an opportunity to talk about what’s possible today. And hopefully, help everyone gain a little better understanding of what they can do. Contact me if you would like more on this, Dale Peterson at S4 might find the video of my speech one of these days;) I’ll link to it if he does. Here is the paper ICS-CERT references in the report and why you are probably reading this now. The slide deck from my speech below.