BSidesKC Security Conference | April 20-21, 2018 | Cerner Innovations Campus, KC, MO

Smart City Security – Defending That Which Matters Most

Friday 1:30-5:30

Industrial Control Systems (ICS) are a poorly understood technology, yet are common to many networks including those of smart cities. The power management systems that run your favorite sports arena, the badging system that unlocks many doors, and the HVAC systems that cool critical data and control centers all rely on ICS.

In this four-hour class students will learn about the components that make up modern smart city infrastructure. A little history will be shared to expose some of the current weaknesses that exist in smart city design as well as the associated risks. Students will be introduced to the basics of Industrial Control Systems (ICS) and the components that they are likely to encounter while assessing or defending control systems in a smart city or corporate building context. Common vulnerabilities in smart cities and buildings will be covered. Students will have hands on labs in which they will learn to identify ICS components on a network and have the opportunity to analyze attack data targeting ICS controllers.

Course Learning Objectives:

  1. Attendees will be able to explain what makes a smart city “smart”
  2. Attendees will be able to describe common ICS components that are typically found within a smart city architecture
  3. Attendees will be able to discover common ICS components
  4. Attendees will be able to describe common vulnerabilities associated with ICS

Course Prerequisites:

Basic security experience and familiarity with common security terminology is recommended. The course assumes students will have little or no experience working with ICS components.

This course was designed for the following roles in mind:

  1. Security Administrators
  2. Security Analysts

Student Requirements (to participate in hands on):

  1. Fully functional laptop with access to WiFi
  2. At least 1GB of free hard drive space on the laptop
  3. At least 4 gigs of ram on the laptop
  4. The ability to install tools on the host system (typically means administrative rights on the laptop)



Terry McCorkle 

Terry is a highly diversified and resourceful technical leader with over eighteen years of experience in information technology, information security, and program leadership. He has given talks at numerous security conferences including: Black Hat Training, RSA, at Derbycon.