Amol Sarwate

Director of Vulnerability Labs, Qualys Inc

Amol Sarwate

Paper Title

2014 The year in which we cannot ignore SCADA


This session is the result of a yearlong study of the most recent SCADA vulnerabilities that affected industrial control systems and critical infrastructure. The study includes root cause analysis, attack vector scrutiny, consequence of successful attack and finally remediation study for SCADA vulnerabilities in the past year. Attendees will get an insight into the factors that resulted in the nature, magnitude and timing of the harmful outcomes in order to identify what actions need to be taken to prevent recurrence of similar harmful outcomes. The presentation will study different attack vectors and payloads by which a malicious entity can gain access or completely compromise critical infrastructure or industrial control systems. It will also study in detail the immediate consequences of a successful attack and the repercussions that it can have on SCADA network and organization. The presenter will discuss many real life vulnerability case studies as well as present aggregate results for all vulnerabilities included in the study. Based on this aggregation the presenter will offer strategies, policies and best practices for attack mitigation which can be used by attendees in their day-to-day field of work. The presentation will conclude with guidance on how these best practices can be leveraged by control system owners to get to an acceptable security. Attendees who are in charge of control system infrastructure will get insight on vulnerabilities that affected their systems. Engineers who are in-charge of security for control systems will get a better technical insight of attacks. Attendees who are new to control systems will get an excellent overview of security complexities of control systems.

Speakers Bio

Amol heads Qualys' team of security engineers who manage vulnerability research. His team tracks emerging threats and develop new vulnerability signatures for Qualys' vulnerability management service. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. At Network Associates, he contributed in the development of security products like CyberCop Scanner and Gauntlet Firewall. At Hitachi Semiconductor, Amol managed a team that developed device drivers for RISC processor based boards. Amol has presented his research on Vulnerability Trends, Security Axioms and SCADA security at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, BSides, InfoSec Europe, NullCon, GrrCon, Homeland security Network HSNI and FS/ISAC. He regularly contributes to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. He writes the "HOT or NOT" column for SC Magazine. Web:

Want to connect with Amol?

You may find Amol on these social networks :

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved