Why this topic matters
OT engagements fail when they ignore safety, rollback and engineering context. This is one of the few offensive domains where an elegant technical proof can still be the wrong answer if it creates uncontrolled process risk.
Operator checks
- Define test windows, emergency contacts, stop conditions and logging expectations before active work begins.
- Prefer observational and bounded validation steps when the environment cannot tolerate surprise state change.
- Record not just what is vulnerable, but what can be tested safely versus what should be reasoned about from evidence.
- Make the final report readable to engineers, operators and executives at the same time.
Reporting lens
Write findings in terms of trust crossed, scope enlarged and business or operational effect reached. That keeps the note useful whether you are validating a lab, an internal research target or a live customer environment.
Curated public references
- CISA ICS Advisories: advisory style and product-specific operational context.
- MITRE ATT&CK for ICS: technique language for ICS reporting.
- CISA ICS Training and Resources: general operational context for ICS engagements.
