ICScape: Terminal Velocity
01 // Simulation Overview
Hosted at the WiCyS 2026 conference in collaboration with CISA and Idaho National Laboratory (INL), Terminal Velocity was an intensive industrial control systems (ICS) and operational technology (OT) cybersecurity simulation.
The exercise focused on transportation infrastructure incident response, challenging participants to investigate cyber-physical system anomalies and recover operational environments under pressure.
Defense Objectives
- Investigate operational anomalies
- Analyze network activity for OT patterns
- Prevent cascading infrastructure failures
Scope
- Transportation Sector Infrastructure
- Safety Controls & Operational Safety
- Real-world CPS hardware & simulations
02 // The Scenario
A simulated attacker compromised transportation-sector operational systems, attempting to manipulate infrastructure behavior and bypass critical safety controls.
Our mission was to perform forensic investigation on operational systems, identify the initial vector, and restore safe operating conditions to the environment.

Fig 1.0 // Real-time industrial process monitoring interface showing simulated transportation telemetry.
03 // Technical Involvement
My core contribution focused on the systematic investigation of the operational environment, spanning network-layer discovery and protocol-level analysis of infrastructure communication.
Wi-Fi Analysis
Monitoring wireless spectrum for rogue operational access points.
Network Scanning
Mapping active nodes within the OT subnet without disrupting traffic.
System Discovery
Identifying PLCs, RTUs, and HMIs across the network.
Communication Analysis
Inspecting industrial protocols for anomalous command patterns.

Fig 2.0 // Hands-on investigation of simulated infrastructure nodes.
04 // Operational Environment

Operational control interface investigation.

Physical PLC and control hardware modules.

Traffic and transportation simulation modeling.

Cyber-physical testbed components.

Collaborative defense and incident response brainstorming.
05 // Key Takeaways
OT Priorities
In OT, safety and availability (the 'A' in CIA) often supersede confidentiality. Security measures must never compromise human or operational safety.
Visibility is Defense
Passive monitoring and baseline visibility are critical. In complex industrial environments, you cannot defend what you haven't mapped.
Cyber-Physical Impact
Incidents in infrastructure systems have real-world physical consequences. Threat modeling must account for physical safety loops.
Expanded Attack Surface
The attack surface extends beyond software to hardware, RF protocols, and physical access points.
© 2026 Anagha Shyama Prakash • ICScape — Terminal Velocity Research Archive