Beyond Alerts: Diagnosing and Improving Situational Awareness in Industrial Systems
2026-04-10, Rookie, Student and Careers Track

Security analysts and operators may know that an intrusion has occurred, yet they often cannot answer the critical questions: Which physical processes are threatened? How will the attack evolve? What is the attacker likely to do next? Security tools detect the attack, but the operational context is missing. This gap between technical detection and operational understanding is a fundamental blind spot in current industrial security approaches.

This talk introduces a structured methodology called AESICS, which reconceptualizes adversary emulation exercises as a diagnostic instrument for iterative ICS defense improvement. We will discuss how the framework helps analysts systematically identify multi-dimensional situational awareness gaps and design targeted defensive enhancements to close them.

We also introduce the SIMPLE ICS (Simulated Industrial Multi-tier Platform for Laboratory Emulation of Industrial Control Systems) testbed, a sector-agnostic, Purdue-aligned industrial testbed architecture that models modern industrial environments. We will present the results of applying AESICS to this testbed and show how the methodology was used to quantify and assess the resulting defensive improvements.

Throughout the session, we will walk through:
- A reusable industrial testbed architecture guide based on SIMPLE ICS.
- A structured diagnostic approach you can implement immediately, turning a vague goal of "improve security" into specific, quantifiable security improvements.
- A quantified metrics framework for measuring situational awareness gaps.

With more than 10 years of professional experience in security, I am now pursuing a PhD for further study.