BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//orangecon-2026//talk//XUJ7WR
BEGIN:VEVENT
UID:pretalx-orangecon-2026-XUJ7WR@pretalx.com
DTSTART:20260604T134000Z
DTEND:20260604T141000Z
DESCRIPTION:Operational Technology environments are among the hardest to de
 fend and the hardest to test. Where protocols are proprietary\, traffic pa
 tterns are deterministic\, and the cost of a false positive is not just no
 ise - it can mean interrupting a live physical process. Testing detection 
 capability in IT/OT infrastructure is essential - not only to verify what 
 gets caught\, but to understand where detection fails\, what needs to be t
 uned\, and whether signature-based or anomaly-based approaches are more ef
 fective at each stage.\n \nThis talk presents an ongoing research effort i
 nto executing and detecting attack scenarios inside a physical OT test env
 ironment that simulates the water pipeline infrastructure. The kill chain 
 spans the full IT/OT boundary - from initial access and reconnaissance on 
 the IT side\, through lateral movement into OT\, to direct manipulation of
  pipeline control components. At every stage\, network traffic\, sensor te
 lemetry\, and operational data flows are collected\, building a ground-tru
 th dataset of normal and adversarial behavior. A central metric under obse
 rvation during the tests is the Water Horizon - tracking whether consumers
  receive their water on time - and how threat actors targeting flow rates 
 and sensor values affect it.\n \nDetection is approached across two layers
 : SIEM-based rules and signatures\, and behavioral anomaly detection basel
 ining normal OT process behavior. Both detection layers draw on a combinat
 ion of sensor data and network traffic\, with cross-layer correlation used
  to increase alert confidence. The talk walks through which kill chain sta
 ges each detection layer identifies\, where rules might fall short\, where
  behavioral anomalies can surface threats that signatures miss\, and where
  open questions remain.\n \nThis is a work in progress. The goal is not to
  present conclusions - it is to share the methodology\, open the discussio
 n\, and explore where OT detection can be improved.
DTSTAMP:20260525T183428Z
LOCATION:Track 1
SUMMARY:Protecting the Water Horizon: Kill Chain Simulation and Detection i
 n Water OT Infrastructure - Aneta Urban\, Maarten de Kruijf
URL:https://pretalx.com/orangecon-2026/talk/XUJ7WR/
END:VEVENT
END:VCALENDAR
