Industry frameworks are supposed to inform and secure critical infrastructure writ large, but here at Black Hat there are a lot of people punching holes in them, and in simple ways.
It would be one thing if the most critical systems at least had basic protections in place, like encrypted traffic and non-default passwords, but as the talk on hacking wind farms points out, many or most don't.
Networks shouldn't be open to a man-in-the-middle (MITM) attack from a Raspberry Pi 3 that poisons ARP caches with forged replies and then injects write commands to halt wind turbines on the spot. But they are, and it can be done.
What's needed to pull this off? Some very simple tools (released here at the show) and rudimentary physical access.
Once you're on the network, you can send commands through a SOAP interface, and also pivot laterally between industrial control boxes to keep the damage going.
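The ARP poisoning step above is loud on the wire if anyone is listening, which on most OT segments nobody is. Below is an added example (not code from the talk or the post) of the passive check a defender can run against ARP traffic on a flat control network: it flags an IP whose MAC changes, a single MAC that claims to be several IPs at once (the attacker impersonating both the turbine controller and its gateway), and optionally a MAC whose vendor prefix is not on the segment's expected list. The addresses, the `ArpReply` record and the traffic are constructed for illustration; `b8:27:eb` is a Raspberry Pi Foundation OUI.

```python
"""Passive ARP cache poisoning detector for a flat OT segment (added example).

Signals, all visible without touching the controllers:
  1. binding_changed: an IP whose MAC differs from the trusted/first-seen MAC
  2. mac_claims_multiple_ips: one MAC answering for more than one IP
  3. unexpected_vendor: a MAC whose OUI is not on the segment's allowlist
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as a collector would log it (constructed format)."""
    ts: float        # seconds
    sender_ip: str   # IP the sender claims to own
    sender_mac: str  # MAC it wants cached for that IP


def oui(mac: str) -> str:
    """First three octets, normalised, e.g. 'b8:27:eb'."""
    return ":".join(mac.lower().split(":")[:3])


def detect_arp_poisoning(replies, trusted=None, expected_ouis=None, max_ips_per_mac=1):
    """Return alert dicts in the order the evidence appears.

    trusted: optional {ip: mac} table from a static inventory; a reply that
    contradicts it is flagged immediately. Without it the first MAC seen for
    an IP is assumed legitimate (learn-then-trust, weaker but still useful).
    expected_ouis: optional set of vendor prefixes allowed on this segment.
    """
    bindings = dict(trusted or {})       # never overwritten by later replies
    ips_by_mac = defaultdict(set)
    vendor_flagged = set()
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        mac = r.sender_mac.lower()

        # 3. a vendor that does not belong on a turbine network (once per MAC)
        if expected_ouis is not None and oui(mac) not in expected_ouis \
                and mac not in vendor_flagged:
            vendor_flagged.add(mac)
            alerts.append({"ts": r.ts, "kind": "unexpected_vendor",
                           "mac": mac, "oui": oui(mac)})

        # 1. the poisoned binding itself
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = mac
        elif known != mac:
            alerts.append({"ts": r.ts, "kind": "binding_changed",
                           "ip": r.sender_ip, "was": known, "now": mac})

        # 2. one host speaking for two: alert only when the set grows
        before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(r.sender_ip)
        if len(ips_by_mac[mac]) > max_ips_per_mac and len(ips_by_mac[mac]) > before:
            alerts.append({"ts": r.ts, "kind": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts


# Constructed traffic, not a capture: a gateway, a turbine controller, and a
# Raspberry Pi (OUI b8:27:eb) that poisons both sides of the conversation.
SAMPLE = [
    ArpReply(0.0, "10.0.0.1",  "aa:bb:cc:00:00:01"),  # gateway, legitimate
    ArpReply(0.5, "10.0.0.20", "aa:bb:cc:00:00:20"),  # turbine controller
    ArpReply(5.0, "10.0.0.1",  "b8:27:eb:11:22:33"),  # Pi claims the gateway
    ArpReply(5.1, "10.0.0.20", "b8:27:eb:11:22:33"),  # Pi claims the controller
    ArpReply(6.0, "10.0.0.1",  "aa:bb:cc:00:00:01"),  # real gateway re-announces
]


if __name__ == "__main__":
    for a in detect_arp_poisoning(SAMPLE, expected_ouis={"aa:bb:cc"}):
        print(a)
```

Feeding it a static inventory via `trusted` is the version worth deploying: with a learn-then-trust start, an attacker who is already poisoning when the monitor comes up becomes the "legitimate" binding, and only the real host's re-announcement (the last sample reply) would then stand out.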