printer friendly version

Pwn2Own hacking contest to include industrial control systems

Trend Micro has announced a new vulnerability research competition, Pwn2Own Miami, run by Trend Micro’s Zero Day Initiative (ZDI). The first-of-its-kind contest will challenge participants to find vulnerabilities in a range of popular industrial control system (ICS) software and protocols.

Over the past 12 years, Pwn2Own has encouraged vulnerability research in the most critical platforms for enterprises globally. In 2018, the ZDI purchased 224% more zero-day vulnerabilities in ICS software compared to the previous year. This growth is sustaining in 2019 so far, which proves the increasing need to identify vulnerabilities and harden these systems before they are exploited.

“As IT and OT converge under Industry 4.0 and digital transformation initiatives, security gaps are emerging that can be exploited to sabotage key production processes and steal sensitive intellectual property,” said Brian Gorenc, senior director of vulnerability research for Trend Micro. “By expanding our long-running Pwn2Own competition, we hope to raise awareness about the importance of protecting these environments and provide actionable insight for ICS vendors and customers to help improve their security.”

The ZDI is working with ICS vendors through the contest by responsibly disclosing the identified vulnerabilities and encouraging the timely release of patches. Collaborating with IIoT vendors through the ZDI programme has led to stronger patch management processes, which help improve security for everyone.

“Being in ICS security for 20+ years, I have worked closely with vendors and the security community to protect the critical assets that live within industrial systems and vulnerabilities are an ongoing part of this work,” said Dale Peterson, founder and programme chair of S4 Events. “Finding and patching bugs in these platforms isn’t easy. I’m excited to have the ZDI pointing their skilled community toward these targets at Pwn2Own Miami, to help expose these flaws so they can be properly addressed.”

“If we have learnt anything from the DDoS attacks that have started from the point of IoT devices over the last three years, it is that the security of these systems can’t be underestimated,” stated Indi Siriniwasa, vice president sub-Saharan Africa for Trend Micro. “Our ZDI initiative continues to prove that we are better together as a security community, and this collaboration will greatly assist in bringing much needed security standards to the ICS industry.”

Pwn2Own Miami will take place at the S4 conference in Miami South Beach on 21-23 January 2020. It will run across five categories with full cash payouts for successful entries, and over $250 000 in cash prizes available to contestants. Points will also be awarded to determine the overall competition winner, or ‘Master of Pwn’. The winner will also receive an additional 65 000 ZDI reward points, which earns them instant Platinum status in the ZDI rewards programme.

Share this article:

Further reading: