The infosec industry has spent decades struggling to secure computers and the vital data they hold, with some successes and many frustrating failures. Infosec pros and hackers alike have a wealth of lessons borne in our scars from battles to protect PII, PHI, and other information assets. Increasingly, however, we are facing a shifting threat, as attackers target not just computers and data, but instead the industrial control systems and related equipment we use to operate our physical world. Successful attacks in this realm could pack a lot more wallop than merely purchasing credit monitoring for a year or reimaging worm-infected PCs. In this talk, Ed will analyze this shift, looking at actual attacks against the power grid, water systems, transportation infrastructure, and more. We’ll see how the separation of the computer realm from the kinetic world is evaporating, as most equipment is online all the time. We’ll discuss how hackers and information security professionals can marshall our capabilities to apply the hard-fought lessons we’ve learned in securing data to the kinetic control system realm, along with the types of new skills and thinking that will be required. We’ll also look at how kinetic attacks are modeled in the CyberCity project, a miniaturized town constructed to help train government and military warriors about how computer attacks can have significant kinetic impact.