OT & Autonomous Mining Defence

About This Course

Australia’s critical infrastructure sector is under sustained, escalating attack.
Cyber incidents targeting the nation’s mining, energy, and resources sector tripled between 2023 and 2024. As autonomous haulage fleets, remote operations centres (ROCs), and cloud-connected IIoT platforms become the operational backbone of modern mining and energy operations, the attack surface is expanding at a pace that most organisations have not secured.

This 4-day masterclass is a first-of-its-kind collaboration between Arnaud Soullié — one of the world’s leading ICS/OT security researchers — and Secolve, Australia’s specialist OT and Critical Infrastructure cybersecurity consultancy. Together, they deliver a course that is both technically elite and operationally relevant.

The technical curriculum is Arnaud’s proven, Black Hat-vetted programme: hands-on PLC programming and exploitation, industrial protocol analysis, Active Directory-to-OT pivoting, cloud-connected ICS attack chains, and two guided Capture-the-Flag exercises. Layered on top, Secolve’s practitioner-led context sessions translate every technical lab into the exact scenarios playing out across Australian operations — from autonomous haulage and offshore infrastructure vulnerabilities to SOCI Act obligations to what a ROC takeover actually looks like.

Your Top 4 Takeaways

1. Hands-On ICS Attack & Defence
   Program, exploit, and defend real PLCs and industrial protocols across legacy and modern architectures.
2. Resources & Energy Threat Context
   Every lab scenario is mapped to real Australian mining, oil & gas, and energy attack vectors, case studies, and remote operational infrastructure.
3. Cloud-to-OT Kill Chain Mastery
   Execute full attack chains from AWS through IIoT to physical process impact – then build the defences.
4. SOCI Act Readiness
   Understand your compliance obligations under Australian Critical Infrastructure law and build a breach response playbook.

Critical Threat Vectors

• Legacy Protocol Exploitation
  Modbus & S7 lack authentication by design; one network foothold translates directly to PLC manipulation.
• Autonomous Fleet Attack Surface
  Software-defined controllers in autonomous haul trucks and remote drills run on the same architectures attackers exploit in the lab – edge devices, soft-PLCs, and MQTT brokers.
• Kinetic Cyber-Physical Impact
  Spoofed telemetry, halted processing mills, and redirected autonomous vehicles represent real financial and safety consequences — not theoretical scenarios.
• IT-to-OT Pivoting
  Active Directory credentials, cloud misconfigurations, and SD-WAN weaknesses provide the on-ramp from a corporate breach to the production network.
• Cloud-to-OT Kill Chains
  AWS IAM weaknesses and IIoT device misconfigurations allow attackers to pivot from a public cloud environment directly into operational technology.
• SOCI Act Non-Compliance
  Under the Security of Critical Infrastructure Act, operators face strict mandatory reporting timelines. Regulatory exposure compounds the operational damage of any attack.

Who Should Attend

This programme is designed for senior security and engineering professionals in Australia’s mining, energy, and Critical Infrastructure sectors:

• CISOs & Security Executives
• Lead Security Architects
• OT/ICS Security Engineers
• Penetration Testers & Red Team Operators
• Plant Managers & Operations Leads
• Cloud Security Engineers
• Risk & Compliance Professionals
• DevOps/SRE Professionals

Prerequisites & What's Included

Prerequisites

• Basic Windows and Linux proficiency (CLI + GUI)
• Understanding of networking fundamentals (IP, TCP/UDP, routing)
• 2+ years of practical IT security experience recommended
• ICS/OT experience is beneficial but not required
• No PLC programming experience required
• Bring a laptop with a modern browser – everything else is cloud-provided

What's Included

• Cloud-based lab environment (Schneider, Siemens, AWS, Greengrass)
• Physical lab setup: PLCs, edge devices, robotic arm, model train
• Course slides in PDF format
• Certificate of completion + CPE credits eligible
• SOCI Act compliance briefing and regulatory reference materials

Why This Course

The Threat Is Not Theoretical.

BianLian ransomware struck Northern Minerals. Evolution Mining’s IT network was compromised. The Remote Operations Centre (ROC) controlling an autonomous fleet or offshore energy platform sits hundreds of kilometres from the physical site, and its attack surface runs through AWS, Active Directory, and SD-WAN.

Every technical capability Arnaud demonstrates in the lab maps directly to an attack vector being exploited against Australian resources and energy operators right now. Secolve brings the regulatory and operational context to turn that technical knowledge into immediate action.

Arnaud Soullié

Arnaud Soullié is a Senior Manager at Wavestone with 15 years of experience conducting security assessments and penetration tests across all target types, specialising in ICS cybersecurity for over a decade. He has spoken at BlackHat Europe, DEF CON, BruCon, 4SICS, and BSides Las Vegas. He is the creator of the DYODE open-source ICS data diode, and has delivered sold-out ICS training at Black Hat USA for multiple years. His 4-day curriculum has been validated through the rigorous Black Hat review board process.

Secolve

Context Anchor / Secondary Instructor
Secolve is Australia’s specialist OT and Critical Infrastructure cybersecurity consultancy. With deep operational experience across Australian mining, energy, and resources sectors, Secolve’s Senior Architect and Practice Lead will join the course daily to deliver opening keynotes, regulatory context, and sector-specific case studies – translating every technical exploit into the operational reality of centralised ROCs, autonomous haulage fleets, and SOCI Act compliance obligations.

Run this course in-house

Informa Connect Academy’s customised training solutions have helped organisations deliver tailored learning in different languages to suit every requirement.