Up to this point, our risk assessment and threat modeling process has provided us with information on where our vulnerabilities are, who might want to attack us, and how they might do it. We then created risk scenarios accordingly. Now we’ll evaluate and validate these risk scenarios. Performing a penetration test can provide a much clearer understanding and expectation of how easy a vulnerability is to exploit and how probable an attack really is, providing for a focused and efficient mitigation effort later. The catch here is that a local, or even contracted, penetration testing team or red team most likely won’t be able to match the time and resources of an organization such as a nation-state ...

Get Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions now with the O’Reilly learning platform.
