A skilled attacker (red) and defender (blue) from the S4 attendees will be selected in advance and provided with the proof or concept exploits and the actual vendor notice of the vulnerabilities respectively. After an hour with the target ICS product, they will be simultaneously connected to the device to run a live red/blue exercise on stage. While this is going on Eireann Leverett will explain the vulnerabilities and what the attacker and defender are trying to accomplish as well as monitor and comment on the activities and results. As the red and blue participants continue to work, Mr. Leverett will progress into a discussion of incident response, patching, and vulnerability reporting. In particular he will focus on the QUALITY of INFORMATION given to the defender. The session will close with a review who controls the device at the end, and ask them about their experiences.