Session

Zero Trust: Thwarting Man-in-the-Middle Attacks on PLCs

This session explores common attack vectors targeting Operational Technology (OT) and Industrial Control Systems (ICS) and demonstrates how Zero Trust principles can strengthen security. We will examine ODVA’s CIP Security components, including:
• Authorization & Authentication: Certificate-based validation to ensure only authorized communication occurs.
• Device Integrity: Mechanisms that prevent or detect unauthorized alterations to communication.
• Confidentiality: Encryption to protect data in transit.
You’ll learn how CIP Security enables micro-segmentation through software-defined Zones and Conduits, aligning with IEC 62443 standards, and how OPC UA clients and servers can be integrated for secure interoperability.
Finally, we will showcase a live demonstration of a Man-in-the-Middle (MiTM) attack on a control system—where traffic between two PLCs is intercepted and manipulated—and reveal how CIP Security mitigates this threat to safeguard industrial environments.

Requires a 2nd project for the Kali attack box and a table for the physical PLC demo that is being attacked.

Ahmik Hindman

Sr. Network & Security Solution Consultant

Seattle, Washington, United States
