Practical Attack Simulations in Critical National Infrastructure

Explore practical attack simulations in Critical National Infrastructure (CNI) through this informative 21-minute conference talk. Delve into the importance of attack simulations and challenge traditional views of Industrial Control Systems (ICS). Examine threat models and typical architectures for field sites, process control, and complete CNI systems. Learn strategies to reduce testing risks, model threat actors effectively, and conduct collaborative whitebox testing. Discover the significance of team selection, finding security champions, and understanding the OT control chain. Gain valuable insights into enhancing security measures for critical infrastructure through practical attack simulations.

Intro
why bother with attack simulations?
Traditional view of ICS
Threat model
Typical architecture - Field site
Typical architecture - Process control
Typical architecture - Complete picture
Reduce testing risk
Model your threat actor
whitebox and collaborative
Take the ego out of testing
pick your team carefully
Find a security champion
OT control chain
Conclusions