ABSTRACT

This white paper is a roadmap for new and emerging threats against industrial control systems (ICS) and the protocols on which field devices rely to communicate with control systems across a network. Protocols such as International Standards Organization Transport Service Access Point (ISO-TSAP, RFC 1006) and others were designed, in the past, without any security in mind. These protocols were intended to be open and reliable, not secure. In fact, most Programmable Logic Controllers (PLCs) were also built on the assumption that security was unnecessary as long as the device was deployed inside an "air gap" network. However, recent events, such as the widespread dissemination of Stuxnet, have demonstrated that this is not a safe assumption on which to base critical design and implementation decisions. We must consider where these devices are deployed: PLCs are used in power plants (including nuclear), pipelines, oil and gas refineries, hydroelectric dams, water and waste, and weapon systems. We cannot simply rest idle and wait for something to fail or, worse, explode. We must act now, and we must be diligent in mitigating these issues. ICS vendors, with the help of ICS-CERT, should work with independent security researchers to promote responsible disclosure. In this paper we will discuss reconnaissance, fingerprinting, replay attacks, authentication bypass methods, and remote exploitation, and how these techniques can be used to attack a Siemens Simatic S7 PLC.