Abstract

There is a continuously evolving gap between SCADA/ICS attackers and defenders. Once unauthorized access to a control network or a piece of industrial equipment has been gained, an attack still needs to be performed. This is where the public literature falls short. This talk will discuss data integrity attacks in the industrial sector through the eyes of the attacker. One would normally think that analog inputs such as power line voltage or pressure in a pipeline are transmitted in SCADA/ICS network packets in a human-comprehensible way. In reality, these process measurements are scaled and transformed into entirely different units each time the data traverse different electric circuits, protocol stacks, applications and DBs located at different layers of the Purdue reference architecture. This talk will consider a strategic attacker with a specific malicious goal in mind. When the attacker gains privileged access and is able to intercept and modify traffic, she/he still needs to find a way to interpret the SCADA/ICS data. For that the attacker has to obtain user manuals, best practices, network architecture drawings, configuration files of sensors, RTUs and PLCs, and the SCADA DB settings, and exercise A LOT OF ENGINEERING MATH. Only then will the attacker be able to make sense of the data units observed on the wire and perform targeted data manipulation attacks (instead of merely causing a nuisance). The talk will analyze real-world RTU-based power substation and DCS-based (petro)chemical plant configurations along with all the challenges that an attacker must understand, such as selecting the most beneficial network segment or piece of equipment, the minimum amount of network and systems configuration analysis required, etc. The goal of this talk is to educate the audience about real-world facility configurations and show what the attacker needs to do, and why, when executing data integrity attacks in Industrial Control Systems.
Understanding attacker activities and challenges is crucial for planning further research activities and designing effective defensive approaches and solutions.
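To make the abstract's point about unit transformations concrete, the following added example (not from the talk or any real facility; every scaling parameter is a constructed assumption) traces one analog measurement from a 4-20 mA sensor loop through RTU ADC counts, a 16-bit protocol register and the RTU scaling block, to the value a SCADA database stores, and adds the plausibility check a defender would run on the raw register value.

```python
"""Constructed example: how one analog measurement changes units on its
way from a sensor to a SCADA database. All scaling parameters below are
assumptions for illustration, not values taken from any real facility."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AnalogPoint:
    """Scaling configuration of the kind found in RTU/PLC and SCADA DB settings."""
    eu_low: float      # engineering-unit value at 4 mA (e.g. 0 kV)
    eu_high: float     # engineering-unit value at 20 mA (e.g. 150 kV)
    raw_counts: int    # ADC full-scale counts at 20 mA (e.g. 4095 for 12-bit)
    db_scale: float    # historian multiplier (e.g. 1000.0 to store kV as V)


def current_to_counts(ma: float, point: AnalogPoint) -> int:
    """Sensor loop current (4..20 mA) -> raw ADC counts at the RTU input."""
    ma = min(max(ma, 4.0), 20.0)  # clamp to the live loop range
    return round((ma - 4.0) / 16.0 * point.raw_counts)


def counts_to_eu(counts: int, point: AnalogPoint) -> float:
    """Raw counts -> engineering units, as the RTU/PLC scaling block does."""
    return point.eu_low + counts / point.raw_counts * (point.eu_high - point.eu_low)


def eu_to_db(eu: float, point: AnalogPoint) -> float:
    """Engineering units -> value as stored in the SCADA/historian DB."""
    return eu * point.db_scale


def wire_register(counts: int) -> bytes:
    """The same value as it appears in a 16-bit big-endian protocol register."""
    return counts.to_bytes(2, "big")


def plausible(counts: int, point: AnalogPoint, lo_eu: float, hi_eu: float) -> bool:
    """Defender check: flag register values whose scaled EU value is out of range."""
    eu = counts_to_eu(counts, point)
    return lo_eu <= eu <= hi_eu


# Hypothetical power line voltage point: 0-150 kV, 12-bit ADC, stored in V.
LINE_VOLTAGE = AnalogPoint(eu_low=0.0, eu_high=150.0, raw_counts=4095, db_scale=1000.0)

if __name__ == "__main__":
    ma = 13.6  # constructed sensor reading
    counts = current_to_counts(ma, LINE_VOLTAGE)
    eu = counts_to_eu(counts, LINE_VOLTAGE)
    print(f"{ma} mA -> {counts} counts -> register 0x{wire_register(counts).hex()} "
          f"-> {eu:.2f} kV -> DB {eu_to_db(eu, LINE_VOLTAGE):.0f} V")
```

The same register value is meaningless without the per-point scaling configuration, which is why a range check must be expressed in engineering units after applying that configuration rather than on raw counts alone.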