CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Weapons Systems Provide Valuable Lessons for ICS/OT Security

Cybersecurity techniques and penetration testing used in the field of weapons systems can provide valuable lessons for ICS/OT security.

Session from 2023 ICS Cybersecurity Conference

ATLANTA – SECURITYWEEK 2023 ICS CYBERSECURITY CONFERENCE – Cybersecurity techniques and penetration testing used in the field of weapons systems can provide valuable lessons for securing industrial control systems (ICS) and other operational technology (OT).

Insights on the topic were presented at SecurityWeek’s ICS Cybersecurity Conference in Atlanta, in separate sessions, by Brian Schleifer, who specializes in system security engineering and analysis for new weapons technologies at Modern Technology Solutions Inc. (MTSI), and Jon ‘McFly’ McEllroy, offensive/defensive team lead at MTSI’s Weapon Systems Cybersecurity (WSC) group.

According to NIST’s definition, a weapons system is “a combination of one or more weapons with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for self- sufficiency”.

Schleifer and McEllroy pointed out that the vulnerabilities potentially affecting weapons systems and the techniques and processes that can be used to secure them apply to other cyber-physical systems as well, and the lessons they’ve learned can be useful to those looking to secure ICS or OT. 

McEllroy outlined several types of issues that can impact any type of cyber-physical system, such as maintenance shells, poorly secured wireless connectivity, unused and/or outdated software, and hardcoded credentials. He identified these types of issues while conducting penetration testing on weapons systems. 

As for cybersecurity techniques applied in the weapons systems field that can also be used to secure OT, Schleifer summarized various considerations and techniques for supply chain risk management, digital engineering, system configuration, modular systems, and cyber hygiene. 

Related: Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

Advertisement. Scroll to continue reading.

Related: New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.