Day 2:
- Module 3: ICS threat landscape, Cyber-Physical Attacks & Attack Surface
After a brief recap of the first day, we will delve into the ICS threat landscape and take a look at attacker motives and capability and impact factors in assessing the cyber risk properly. Whether the concern is targeted industrial espionage or destructive cyber-physical attacks, we will walk attendees through the complexities of attacker activities like process comprehension and damage scenario design in order to properly analyze the potential cyber-physical impact and the required attacker capabilities.
Finally, we will explore the vast attack surface of industrial control systems: from breaching perimeters to lateral movement and pivoting across network segments in order to impact the process through the exploitation of industrial protocol insecurities, compromising workstations, databases, controllers, and field devices. During interactive discussions, we will ask ourselves how bad these typical OT security issues are in practice and how we could mitigate these issues.