Insider Attack below the Detection Threshold in Water Treatment OT
2026-04-10, Track 1

Insider threats in water treatment plants are often misunderstood as overt acts of sabotage. In reality, the most credible risk comes from low-and-slow actions that stay below detection thresholds.

This short talk examines real-world case studies of insider activity in critical national infrastructure, introduces a simplified water treatment process model, and explores attacker goals such as water quality degradation, service disruption, and loss of public trust. We’ll walk through plausible attack scenarios that do not trigger alarms, signature-based detection, or traditional IT security controls.
The session concludes with practical countermeasures focusing on process-aware monitoring and assurance techniques that work in live OT environments, and signposts a supporting white paper for deeper technical detail.

I’m Andy Richings, a Principal Security Engineer at Synoptix, working on Secure by Design projects for defence, space, and critical national infrastructure. I focus on threat modelling, cyber assurance, and security architecture for complex software and OT-adjacent systems, including water treatment environments. My work is about making cyber risk visible, traceable, and manageable in systems society depends on.

Researcher at Swansea University

2 years at Synoptix
4 years of Cyber Security