- Are there attributes of attacks that can be used to differentiate them into two groups?
- Can we come up with two different methodologies with which we can evaluate "all" incidents?
- Easy to scope: Just make sure that we don't choose the same one
- My preferences:
  - TRITON
  - BlackEnergy
  - Industroyer/CrashOverride