Kaspersky Lab brings together whitehats from all over the world to test the security of a virtual oil refinery
Kaspersky Lab announces the international industrial Capture the Flag (CTF) security competition, offering participants the opportunity to hack a model of a real production site facility in an oil refinery.
Kaspersky Lab announces the international industrial Capture the Flag (CTF) security competition, offering participants the opportunity to hack a model of a real production site facility in an oil refinery. Finals will be held in Shanghai on October 24.
The CTF is a unique challenge, which touches on various aspects of cybersecurity in enterprises and provides practical opportunities to test environments, as well as identify new vulnerabilities and new threat vectors in the infrastructure. This worldwide information security contest is especially beneficial for industries such as energy, gas & oil and transportation – those industries with critical infrastructure which are essential to the functioning of societies and economies. A successful attack on one of them could result in devastating damages and consequences. The CTF allows top security experts to research virtual pieces of industrial control systems, discovering unobvious security problems that can be avoided in the future. Moreover, it gives enterprises an insight into different types of possible attacks on real parts of infrastructure, helping them to provide the maximum level of protection for their industrial networks against existing and future threats.
This year, teams participating in the Kaspersky Lab Industrial CTF will be challenged with tackling a miniature process model which replicates a real production-site facility at an oil refinery. The model represents a rail tank discharger rack, consisting of a variable speed centrifugal pump, storage tanks (reservoirs), a heat exchanger and a buffer tank. In addition, participants will have a chance to test their skills and knowledge of several IoT devices.
“The organization of such events is highly important to help develop understanding of the industrial threat landscape. At our CTF competitions, we offer participants the chance to hack models of real enterprises, therefore everything that happens at a CTF site can also happen to real critical infrastructure and industrial systems. So, it provides opportunities for security researchers, as well as ICS vendors and system integrators, to better understand how ICS systems work and improve their security”, said Vladimir Dashchenko, Senior Security Researcher at Kaspersky Lab.
The industrial CTF 2017 is organized in partnership with Chinese company Keen Cloud Tech, and the finals will be held on October 24 at the GeekPWN conference in Shanghai, the world’s first hacking contest targeting smart life security.
“Kaspersky Lab is a world-leading cybersecurity provider, and we are glad to partner with it and host the Industrial CTF together with GeekPwn hacking contest in Shanghai. It provides us with a great opportunity to connect the top security researchers from all over the world, as well as to extend influence from smart life security to smart industrial security”, says Daniel Wang, CEO of Keen and founder of GeekPwn.
Prior to the finals, online qualifying rounds will be held on October 6-8, 2017. Participants will be asked to resolve different types of tasks such as Crypto, Reverse, Pwn, Web, Network and Fun.
To find out more about Kaspersky Lab CTF and to apply, please visit the website:
Registration is open until October 8, 2017.
This is the third annual Kaspersky Lab CTF competition, designed to challenge participants to solve industrial cyber security problems. Since 2015, more than 300 whitehat hackers have already participated at competitions, getting their hands on advanced models of different enterprise systems. Contest conditions are always close to real-life: Kaspersky Lab provides exact copies of the systems and equipment installed in modern enterprises.
Last year’s participants successfully hacked and disrupted the model of an energy system build at the micro grid infrastructure, in less than 24 hours. In 2015, they dealt with a digital substation. Incidentally, at each competition participants discovered several zero-day vulnerabilities which were immediately reported to the vendors.