Proactive Defence

There’s a fundamental problem with learning operational technology security: the things you need to test are the things you absolutely must not break. This creates what educational theorists call “a bit of a pickle” and what facility operators call “no, you’re definitely not touching the production turbines with your laptop.” It’s rather like learning to defuse bombs. The theory is straightforward, the practise is somewhat more stressful, and mistakes tend to be memorable for everyone in the vicinity. In OT security, mistakes might not result in explosions (usually), but they can shut down production, trigger safety systems, or cause equipment damage. These outcomes are suboptimal for learning environments and remarkably unpopular with operations teams who prefer their turbines spinning at correct speeds rather than serving as expensive educational exhibits. ...

The thing about a city that runs on light, logic, and the quiet hum of routers was that it had a peculiar sense of humour. The Scarlet Semaphore, you see, was never meant to be a threat. In a dusty attic above a curry house that did suspiciously good chips, they were a hackerspace, a guild of tinkerers. Their charter was one of curiosity, not conquest. They poked at systems to see how they squeaked, a digital version of kicking tyres. Their latest project was Operation Red Lantern, targeting the Guild Registry, a dusty, important, and frankly rather pompous piece of civic plumbing that controlled professional certifications. It was, in their view, begging for a gentle nudge. ...

Threat modelling for zero-day vulnerabilities is a peculiar exercise in preparing for the unknowable. These are not the comfortable, catalogue‑ready bugs that live in CVE databases. These are the ones nobody, least of all the vendor, has seen fit to admit exist. They arrive without warning, without a patch, and with precisely zero days’ notice before being exploited. The task, therefore, is less about ticking boxes and more about building the sort of resilience that can withstand the unexpected without falling to pieces. ...