As the crisis in eastern Europe unfolds, many are preparing for whatever cyber activities will come because of the escalation. For CNI (Critical National Infrastructure) and OT/ICS in general, there are all kinds of reasons to prepare, and to pay attention, to previous cyber security incidents from the region. We know that the capabilities and the intent is there. In this talk, we will go through some of the previous TTPs, new TTPs used elsewhere, and generally look at what it takes to defend modern OT/ICS installations in the light of an also increased digitalization. And we will discuss which possible events might happen in case of a cyber warfare escalation in the region.