The Bug Short: What I learned on the way to Wall Street.
Justine Bone presents the world's first ever cyber security-backed short position.
As CEO of MedSec, Justine and her team successfully utilized cybersecurity research to impact company performance. Working in partnership with the Muddy Waters investment fund, Justine changed the calculus of how security experts can invest, conduct, and deliver research. Justine describes the factors, gotchas, and preparation required to embark and execute on such a project, enacting a new way to monetize vulnerabilities and address the dysfunctional market around product security.
DYODE (Do Your Own Dyode) is a low cost, DIY data diode aimed at securing Industrial Control Systems. While data diodes have been used for a long time on classified networks, the high cost and complexity of implementation have kept them away from a lot of valid use cases on industrial control systems. During our assignments, we encountered many situations in which time or availability constraints were not really high -but the security risk was- and a commercial data diode way too costly.
We developed a working data diode using standard components and open source libraries. We want to prove with this project that it is possible to produce a simple, working, ICS oriented data diode for less than $200. The principles of using COTS components to make a data diode are not brand new, but we aim at providing a package software solution to ease the creation process, with a specific focus on ICS.
Our diode can be used for file transfer, Modbus data transfer as well as screen sharing for remote debugging.
We will demo v2 of the DYODE, a diode based on serial connection and optocoupler, that only allows very low speed exchanges (sufficient for Modbus) for an even cheaper cost (around 50$).