Dallas, TX (PRWEB) May 19, 2011
Dillon Beresford, security researcher at NSS Labs, who was scheduled to present at TakedownCon 2011 on SCADA vulnerabilities, chose to withdraw his presentation at the 11th hour after collaborative discussions with ICS-CERT and Siemens regarding the serious consequences it may have for human lives and the world at large. The vulnerabilities and PoC exploit code were provided to ICS-CERT and Siemens, and have been verified. Rick Moy, CEO of NSS Labs, was quoted as saying "Protecting human life is the primary goal of every ethical researcher, and Dillon's work and efforts have been exemplary in every regard."
Exploitation of vulnerabilities in systems can always have negative effects, such as loss of availability, productivity, data loss or compromise, and even result in identity theft and financial loss. However, unlike classic computer crime and exploitation, where data is remotely stolen or manipulated, attacks on industrial control systems can have devastating physical world implications, such as loss of life and environmental impact.
“Considering the repercussion to the world at large and human lives, it is only reasonable that any responsible security organization like EC-Council will accede to a request to withdraw such a presentation from a technical conference like TakedownCon until a suitable solution has been made available to the user community,” said Jay Bavisi, the president of EC-Council, the organizer of the TakedownCon conference series.
ICS vulnerabilities are an emerging threat to national cyber security of immense importance, and research into this area is just beginning. While there are relatively few known vulnerabilities in the ICS space, there are tens of thousands of ‘traditional’ computing vulnerabilities.
Leonard Chin, Conference Director of TakedownCon, quickly briefed the conference attendees on this development and adjusted the program to accommodate it. “We are proud to note that Dillon has done the right thing. Should it be appropriate, we will welcome Dillon to present his findings at the Hacker Halted conference in Miami in October,” he was quoted as saying.
About NSS Labs, Inc.
NSS Labs, Inc. is the leading independent, information security research and testing organization. Its expert analyses provide information technology professionals with the unbiased data they need to select and maintain complex security products for their organizations. Pioneering intrusion detection and prevention system testing with the publication of the first such test criteria in 1999, NSS Labs evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis. The firm’s real-world test methodology is the only one to assess security products against live Internet threats. NSS Labs tests are considered the most aggressive in the industry. Founded in 1991, the company has offices in Carlsbad, California and Austin, Texas. For more information, visit http://www.nsslabs.com.
About TakeDownCon
TakeDownCon is a new technical IT security conference series that provides advanced, highly technical research, presentations, and training to accomplished information security professionals. Developed by EC-Council, it debuts in 2011 with two conferences in Dallas and Las Vegas. TakeDownCon focuses on technical research in cutting-edge exploits and vulnerabilities and also provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DOD Directive 8570.01M Change 2). Website: http://www.takedowncon.com.
About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.