Insider threats in water treatment plants are often misunderstood as overt acts of sabotage. In reality, the most credible risk comes from low-and-slow actions that stay below detection thresholds.
This short talk examines real-world case studies of insider activity in critical national infrastructure, introduces a simplified water treatment process model, and explores attacker goals such as water quality degradation, service disruption, and loss of public trust. We’ll walk through plausible attack scenarios that do not trigger alarms, signature-based detection, or traditional IT security controls.
The session concludes with practical countermeasures, focusing on process-aware monitoring and assurance techniques that work in live OT environments, and signposts a supporting white paper for deeper technical detail.