Pentesting an electrical substation

In January we had the occasion to do a penetration test on a facility of an electrical utility company. The goal was to see whether local IT access to one facility would give total control over that facility and, moreover, whether control of one facility could give control over other facilities or over the central command center. We got to intercept and replay the IEC-104 and ISO 68150 protocols and interact with all kinds of industrial gear.