Applied Risk @ ICS Singapore 2019 | Hacking Building Management Systems, Emerging Cyber Security Legislation & Advanced ICS Hacking Training

Join Applied Risk at the upcoming Industrial Control System Cyber Security Conference in Singapore next week, April 16th - 18th. We have a full value-packed offering for attendees, so check it out below!


Despite the rapidly growing deployment of IP-based technologies around us, the security of these deployments remains susceptible to basic cyber security attacks. What began as a small enumeration of the exposure of Security Access Control Platforms on several Internet-connected device search engines, grew into a research project covering several Building Management Systems (BMS) or Building Automation Systems (BAS) and its various sub-categories.

The execution of such attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-condition systems, windows blinds, cameras, boiler, PLCs, lights, alarm system in an entire building. In the case of this research, more than 10 million people could be affected by the findings presented.

This presentation discusses vulnerabilities found by Applied Risk research team across several BMS components and products from various vendors in the industry. Multiple vulnerabilities have been identified that could result in the total compromise of entire buildings and critical facilities (e.g. banks, hospitals, industrial facilities, government, residential…etc.).

See more info at


Critical Infrastructure has seen an increase of Cyber Security legislation on a national and on an international level. In addition to this increase, stakeholders now pay more attention to compliance to external standards; and compliance has become a benchmark; even a competitive differentiator. But to organizations this may feel like more effort and attention is put on achieving compliance than actually improving cyber security. In this talk, we will discuss:

  • What new legislation, including Singapore's Cybersecurity Act, means to Critical Infrastructure
  • How to manage additional and evolving compliance requirements
  • Why compliance for compliance sake isn’t the answer
  • How to use compliance to drive improvement
  • Case study: What does the journey to compliance look like for the example of the NIS Directive

See more info at


Advanced ICS/IIoT Security 1-Day Conference Training

Industrial Control Systems (including DCS, HMI, PLC, SCADA, SIS) and Industrial IoT are often poorly understood, yet they are used in the most critical environments in the world. Although they generally remain unseen they are responsible for the smooth running of our daily routines from the moment we turn on a tap in the morning, to turning off the lights at night.

This one-day training will take a deep-dive into advanced ICS security techniques and provide participants with the knowledge that they need to safely evaluate and protect these systems against emerging cyber threats.

The course will also provide methodologies through which security research may be performed against ICS devices in order to identify zero-day vulnerabilities; taking a deep dive into industrial protocols used within low-level ICS assets such as OPC, IEC 60870-5-104 and Modbus in addition to discussing DNP3, Ethernet/IP, Profinet, MMS, WirelessHART, ISA100.11a. During the course, participants will have the opportunity to engage in real-life attacks against key ICS/IIoT components and other Industrial Control Systems, by performing activities such as firmware reverse engineering of ICS assets, and ICS protocol fuzzing.

See more info at