Speaker: Corrado Leita (Symantec Research Labs, EU)
I'm currently a Researcher in Symantec Research Labs, the Symantec group in charge of long-term exploratory research. I obtained my Bachelor degree in 2003 and a Master’s in Computer Science and Engineering in 2006, both from the Politecnico di Torino (Turin, Italy). During this period, I joined the EURECOM institute (Sophia Antipolis, France) and performed there the last part of my studies. In 2005 I also obtained a Research Master’s in Networks and Distributed Systems from the ESSI (Sophia Antipolis, France). My master thesis was the result of six months of work in the Pervasive Computing Group of IBM Zurich Research Labs. After my Master, I joined EURECOM's PhD program and I obtained my Ph.D. in 2008 from the University of Nice. My PhD thesis focused on network intrusion detection, where I proposed a distributed honeypot deployment capable of collecting malware propagation information also in presence of 0-day attacks. Since joining Symantec in 2008, I have been mainly interested in the collection of intelligence on the threat landscape and on the use of this intelligence to devise more effective ways to counter attackers. I was involved in a number of past and current research projects aiming at this goal, such as WOMBAT and VIS-SENSE, and I'm currently acting as coordinator for the CRISALIS FP7 project, which focuses specifically on the protection of industrial control systems from sophisticated targeted attacks. I have been involved over the years in a number of program committees for major security conferences such as the Symposium on Research in Attacks, Intrusions and Defenses (RAID), Financial Crypto, the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) and the NATO-organized International Conference on Cyber Conflict, as well as journals such as ACM Transactions on Information and Systems Security (TISSEC).
Title: Who switched off the lights? Detecting targeted attacks against the power grid
The power grid is a critical resource that can be and has been targeted by cyber criminals. Industrial control systems, that govern most of its operation, have been designed with a very different mindset from standard IT environments. Their increasing interconnection and interoperation with IT technologies have opened a variety of concerns. While denial of service attacks are possible (but immediately detectable), subtle attacks aiming at interfering with the system process are a much more worrying concern. This talk will show through real-world examples how these attacks can be implemented, and will talk about the options at our disposal to learn the characteristics of these very heterogeneous systems.