Presenter:
This talk makes the case that threat modeling in OT environments is often disconnected from how attacks actually unfold, leading to defenses that look good on paper but fail under real-world conditions.
Key takeaways
- Threat models are too theoretical
- Built around assumed architectures and clean diagrams
- Don’t reflect how systems are actually deployed and used
- Miss the messy, real-world attack paths
- Attack paths are what matter
- Adversaries don’t follow neat boundaries
- They chain together small weaknesses across IT and OT
- Risk lives in the path, not the individual vulnerability
- OT environments break traditional modeling
- Legacy systems, undocumented changes, and workarounds
- Incomplete asset inventories
- Constant drift from original design
- Static models quickly become outdated
- Environments evolve faster than documentation
- Threat models become stale almost immediately
- Without continuous validation, they lose value
- Validation is the missing step
- Modeling needs to be tested against reality
- Red/purple teaming helps validate assumptions
- Continuous iteration is required
