This session will review key lessons learned about SCADA and IoT breaches and attacks such as Stuxnet and Mirai. We will look at the consequences of SCADA breaches and potential legal fallout, analyze two case studies, and discuss best legal and security practices. Case studies will feature two different potential attackers: a hostile nation state and aggrieved employees.