Threat Model a Water-Utility SCADA Network Before a Migration
Overview
What this challenge is about.
Review provided network diagrams (current and proposed), the asset inventory (around 180 PLCs (programmable logic controllers), 22 engineering workstations, 6 historian servers), and 2 redacted incident reports. Build a STRIDE threat model across 5 trust zones (field network, control LAN, DMZ (demilitarized zone), cloud bridge, corporate). Identify the top 12 threats ranked by likelihood-times-impact, mapping each to MITRE ATT&CK for ICS techniques. Deliver a 15-page threat model, a vendor scoring rubric derived from the threats, and a 1-page executive summary for the utility's general manager.
The Brief
What you'll do, and what you'll demonstrate.
Produce a STRIDE + ATT&CK for ICS threat model for a SCADA migration that procurement can defensibly score 3 vendors against.
Earning criteria — what you'll demonstrate
- Apply STRIDE to an ICS environment without forcing IT-shaped assumptions
- Map ICS-specific threats to MITRE ATT&CK for ICS techniques
- Reason about cloud-bridge risk on a previously air-gapped OT network
- Translate a threat model into procurement-grade vendor scoring criteria
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.