Six countries.
Six minutes ago, a binary diff flagged something the SBOM didn't account for.
A small library called libcoresec is sitting inside the firmware of a safety-critical PLC deployed at six nuclear sites worldwide.
Half the global fleet has updated. Half hasn't.
Your team has 75 minutes.
The team needs 4 red + 6 blue.
Red roles investigate the compromise. Blue roles respond. Each role has a task list, an AI doppelganger working in parallel, and a deliverable that another role needs.
Threat Actor Enumeration
Who's behind the j_arbiter handle? Build the attribution dossier.
Attack Capability Analysis
Given control of libcoresec.entropy_seed(), what can the adversary actually do?
SBOM Element Extraction
The vendor SBOM lists 47 components. Binary analysis finds 52. What else is missing?
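One way to mechanise the SBOM-versus-binary reconciliation this role performs, as an added example that is not material from the exercise or from any vendor: the component names, versions and hashes below are constructed, and the SBOM shape is a minimal CycloneDX-style fragment. It separates the four discrepancy classes a reviewer triages differently (a component in the binary but not the SBOM, a declared name whose bytes differ, version drift, and a declared component never found).

```python
import json

# Constructed sample data (not from any real vendor or firmware): a CycloneDX-style
# SBOM fragment as shipped, and the components recovered by binary analysis of the
# firmware image. Hash values are shortened placeholders.
VENDOR_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "mbedtls", "version": "2.28.4", "hashes": [{"alg": "SHA-256", "content": "AA11"}]},
        {"name": "lwip", "version": "2.1.3", "hashes": [{"alg": "SHA-256", "content": "bb22"}]},
        {"name": "zlib", "version": "1.2.13", "hashes": [{"alg": "SHA-256", "content": "cc33"}]},
        {"name": "cJSON", "version": "1.7.15", "hashes": [{"alg": "SHA-256", "content": "dd44"}]},
    ],
})

# What binary analysis actually recovered from the image: name, version, SHA-256.
BINARY_FINDINGS = [
    {"name": "mbedtls", "version": "2.28.4", "sha256": "aa11"},
    {"name": "lwip", "version": "2.1.3", "sha256": "bb22"},
    {"name": "zlib", "version": "1.2.13", "sha256": "ee55"},       # declared, but different bytes
    {"name": "libcoresec", "version": "0.3.1", "sha256": "ff66"},  # not declared at all
]


def _key(name):
    """Normalise names so "cJSON" and "cjson" reconcile to the same entry."""
    return name.strip().lower()


def reconcile(sbom_json, findings):
    """Return undeclared components, same-name hash mismatches, version drift,
    and declared components that binary analysis never found."""
    declared = {}
    for comp in json.loads(sbom_json).get("components", []):
        sha = next((h["content"].lower() for h in comp.get("hashes", [])
                    if h.get("alg") == "SHA-256"), None)
        declared[_key(comp["name"])] = {"name": comp["name"], "version": comp.get("version"), "sha256": sha}
    report = {"undeclared": [], "hash_mismatch": [], "version_mismatch": [], "not_found": []}
    seen = set()
    for found in findings:
        key = _key(found["name"])
        seen.add(key)
        decl = declared.get(key)
        if decl is None:
            report["undeclared"].append(found)  # the libcoresec case: in the binary, not in the SBOM
        elif decl["version"] != found["version"]:
            report["version_mismatch"].append({"name": found["name"], "sbom": decl["version"], "binary": found["version"]})
        elif decl["sha256"] and decl["sha256"] != found["sha256"].lower():
            report["hash_mismatch"].append({"name": found["name"], "sbom": decl["sbom" if False else "sha256"], "binary": found["sha256"]})
    report["not_found"] = sorted(d["name"] for k, d in declared.items() if k not in seen)
    return report
```

A declared component with matching name but differing hash is the case worth escalating first: the SBOM is not merely incomplete, it describes bytes that are not the ones in the field.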
Data Analysis & Correlation
Find every other place libcoresec lives. Surface the cascade.
Risk Assessment & Prioritization
Of the 6 sites, which is most at risk? Defend your ranking.
Compliance Mapping
Six jurisdictions, six frameworks. Who must be notified, on what timeline, with what artifact?
Vendor Engagement
How do you approach Nordic Atomic Controls without spooking the adversary — or trusting a possibly-compromised vendor too far?
Mitigation Planning
Rollback reintroduces a known CVE. Patching is weeks away. What do you do tonight?
Cross-Jurisdiction Coordination
Six countries. Nine timezones. Three regulatory cultures. Build the protocol.
Forensic Documentation
What evidence must be preserved tonight so a French inquiry tomorrow can use a Norwegian discovery?