
Live Hack in the Power Grid: From Phishing to Blackout
Summary
In this live, high-fidelity simulation we will walk you through a complete OT intrusion – from a phishing mail to coordinated breaker operations in multiple substations – against an environment that already has Multi-Factor Authentication (MFA), network segmentation, OT firewalls, and isolated zones. We expose how identity gaps, weak trust boundaries, and protocol misuses chain together to defeat “best practice” defenses. Then we flip perspective: deconstruct the kill chain, and convert each step into concrete detections, containment actions, and recommendations for architecture fixes. Expect uncomfortable truths, pragmatic countermeasures, and clear next steps to raise resilience across IT/OT.
Objectives
- Understand end-to-end attack progression in power grid OT networks
- Diagnose why MFA, segmentation, and OT firewalls can fail under real attacker tradecraft
- See, in real time, how each attacker’s action appears in an OT IDS (alerts, anomalies)
- Recognize typical lateral paths across office/plant boundaries
Content
- Live demo: phishing-led intrusion culminating in coordinated breaker operations (real OT protocols)
- Teardown of the kill chain: at each stage, we show the attacker action and the matching OT IDS evidence
- The attacker phishes a SCADA engineer, hijacks an OT server, pivots into a substation, drops Industroyer-like malware, and then opens breakers across multiple substations in a coordinated attack
- Lessons learned and typical vulnerabilities in power grid OT network setups
Duration
45 minutes
Audience
IT Professionals
OT Security Professionals
Prerequisites
Basic Cybersecurity Knowledge
Solutions
StationGuard

“What really impressed me was the trainer’s flexibility in answering questions with an approach adapted to each person.”