I. Introduction
Cyberattacks span a range of attack techniques, levels of sophistication and stealthiness. In the upper-echelons of cyberspace we find Advanced Persistent Threats (APTs), highly sophisticated cyberattacks potentially posing a signifi-cant threat to national security [1]. Traditionally, APTs focus mainly on espionage. In recent years they have shown to be capable of disrupting important infrastructures such as the power grid [2] and nuclear facilities [3]. Changing the objective from stealthy extraction of information to disruption of ongoing processes distinguishes a new class of Disruptive APT (D-APT) attacks: sophisticated cyberattacks aimed at disrupting the normal operation of critical infrastructures.