Is Your Security Team Prepared for an OT Cyber Attack?

Is Your Security Team Prepared for an OT Cyber Attack?

Is Your Security Team Prepared for an OT Cyber Attack?

How to Conquer OT Attacks in an IT-Focused World

Cloud Range held a webinar earlier this week to introduce the industry's only OT cyber range for live-fire training – a needed resource as today’s threat landscape includes more and more attacks that impact or directly target industrial control systems (ICS).

We had an excellent roster of cybersecurity and operational technology (OT) security leaders involved in the webinar:

  • Debbie Gordon, Founder and CEO of Cloud Range

  • Marcus Linder, Senior Attackmaster from Cloud Range

  • Bryan Singer, Principal Director, Global OT Incident Response Lead from Accenture

  • Lucian Niemeyer, CEO of Building Cyber Security (former Assistant Secretary of Defense)

  • Mark Cristiano, Global Commercial Director from Rockwell Automation

Cloud Range OT webinar speakers

Weren’t able to attend? We’ve got you covered. This blog highlights some key takeaways, and you can view a complete recording of the webinar here

The Value of Hands-On Experience

People are only as good as the experience they have. The cyber skills shortage is not because people aren’t being trained in cybersecurity — the shortage is because education and certifications are not enough. Some organizations are even removing those requirements from job ads because it’s alienating prospective candidates for open positions, and they don’t tell the whole story anyway. The problem is a lack of hands-on, real-world experience.

Many security operations (SOC) and incident response (IR) teams don’t have a full understanding of how attacks play out — because most people have never actually seen an attack. And in cybersecurity, on-the-job training during a cyber attack isn’t an option.

There are other layers of complications as OT/ICS security and IT security converge because there are conflicting objectives, different ways to handle incidents, varying attack vectors, organizational disparities, and more. These all lead to increased cyber risk.

It’s critical for organizations to not only think about technologies and processes, but to focus on their people – the last line of cyber defense. The best way for them to gain experience and to be savvy enough to thwart cyber attacks is with live-fire cyber simulation training for teams. 

Cyber Range Training for OT/ICS Attacks

Cloud Range for Critical Infrastructure provides OT/ICS and IT security teams with the real-world experience they need as they practice together in a safe, virtual environment. It is the industry’s first and only full-service OT/ICS/IoT cyber range simulation training program with dynamic, live-fire OT/ICS, OT/IoT, and IT/OT incident response and security operations exercises. 

Cloud Range’s cyber range training is tailored to the unique challenges faced by organizations that operate in the operational technology (OT) space. The simulated scenarios, created by Cloud Range, mimic real-world attacks, allowing participants to gain hands-on experience in identifying and responding to cyber threats. The new OT solution not only strengthens the resilience of security teams, but it also improves operational efficiency by providing a collaborative environment for IT/OT teams to work and train together.

Cyber Defense Is a Team Sport

If you’re familiar with the industry-standard Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, you’re aware that each cyber role has knowledge, skills and abilities (KSAs). A sports analogy ⚾️ helps explain the differences.

  • Knowledge – Understanding how baseball works is the first step to enjoying the game. Some people know the rules inside and out and have memorized thousands of stats, but they rarely pick up a glove or a bat. In cybersecurity, the “knowledge” stage is understanding approaches and theories, but without the experience of implementing them in a real-life situation.

  • Skills – To play baseball, it’s important to know things like how to throw a ball, how to slide, how to hit a ball with a bat. These are individual, compartmentalized skills that are vital to the sport, but they aren’t reflective of performance under pressure. The “skills” stage represents cybersecurity skills development labs and learning plans. They are necessary, and this kind of training should be done regularly and consistently. However, the training cannot stop at this step.

  • Abilities – This step is when team members take the knowledge and skills they have learned and apply them. It is practicing in a real-life environment with the full team and honing communication, problem-solving, and judgment skills. It requires knowing what to do, when to do it, how to do it, and why to do it. The result is that the team builds confidence and experience. In baseball, it is practice on the field – in cybersecurity, it is simulation training for teams.

Check out this blog for more about KSAs.

OT/ICS Security Challenges

Until now, there has been a lack of training options and learning paths for OT/ICS security professionals. Additionally, CISOs, SOC managers, and other security leaders need metrics to understand how their people are performing and that their cyber training is helping to lower risk.

Cloud Range for Critical Infrastructure overcomes all of those challenges. The cyber range gives participants an opportunity to experience customized IT and OT environments and to understand the unique things that happen. 

Bryan said: “I always say the worst day in IT, as far as the cyber incident goes, is usually just the start of a bad day for an OT environment. We're dealing with high pressure, heat, vibration, fire, chemicals – we're dealing with all kinds of other threats out there. And that's the main differentiation – we're dealing with time-based systems…. We're trying to understand why a drive turned on, why a valve opened, why something failed the way it did. And the only way to really get those skills and practice and hone them well is in an environment that replicates everything that you can see physically. And, I don't want somebody learning these skills the first time by trying to diagnose why a plant is down.” 

Lucian said: “I'm former military, and we get trained initially on a skillset. But the best pilots in the world train consistently and constantly. They understand an adversary's tactics, techniques, and procedures, and they practice on those endlessly and they become the best consistently. And I think that's what you’ve [Cloud Range] has offered up here in the OT world, which is unique…. An IT attack, yeah, it can be devastating and can cause disruption of business. But when you're talking OT attacks, you're looking at explosions, you're looking at causing property damage, you're looking at potentially hurting people. You've gotta get it right.”

Mark noted: “With this IT and OT convergence, there still is a communication gap between those respective teams. Getting those teams together and speaking the same language is so, so important because time is of the essence when these breaches occur. I also think that… when a customer makes a conscious decision to outsource OT MSSP functionality, that communication gap between the organization and the MSSP and the IT folks and the OT folks, it widens. So it's even more important, as customers start to outsource, that you bring those teams together.” 

These comments and takeaways are just a small taste of all the goodness that was packed in this webinar. To hear it all – including a live demo of how an attack plays out on one of Cloud Range’s cyber ranges – watch the video here.

Request a demo to learn how Cloud Range's cyber range and simulation solutions will measurably improve your IT and OT security teams' performance.

 

WEBINAR SPEAKERS AND PANELISTS:

Debbie Gordon

As founder and CEO of Cloud Range, Debbie Gordon is a globally recognized entrepreneur leading a new category in cybersecurity. Cloud Range was founded on the premise of closing the cybersecurity skills gap by giving security teams the ability to gain real life experience and practice defending against live cyber attacks in a protected customized dynamic environment. A consummate entrepreneur, Debbie began her career 25+ years ago in the technical education/certification space and has since built and sold several companies in eCommerce, IT asset management, and training.


Marcus Linder

Marcus Linder is Cloud Range’s Senior Attack Master. He has over five years of incident response and cyber range development experience. He has led multiple cybersecurity engineering teams to develop and implement fully independent incident response training cycles. He is a United States Navy veteran.


Bryan Singer

Bryan Singer is the global operational technology (OT) lead at Accenture's Cyber Investigation and Incident Response (CIFR) team.  In this capacity, his current role is enhancing Accenture’s adversarial and resilience portfolio to meet the unique challenges of cyber-physical systems used in OT. Mr. Singer has a 25+ year career as an industry-recognized leader and catalyst in industrial cybersecurity, with the goal of creating safe, resilient, and high-performance industrial processes. Bryan’s plant experience spans 5 continents, 4000 plants, and over 200 active industrial cyber incident responses. His various roles industry roles have included founding chairman of ISA/IEC62443, Director of the ISA Safety and Security Division, frequent speaker and industry author, and co-author of two books including Hacking Exposed  - Industrial Control Systems, and Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS.


Lucian Niemeyer

Lucian serves as the CEO of Building Cyber Security, a private sector, non-profit organization enhancing global safety through the development of cyber security protections for intelligent technologies, buildings and communities. For over 30 years, Lucian has served in the White House, the Pentagon, and in Congress providing budget, policy, and management leadership for U.S. national security programs. He served as an Assistant Secretary of Defense managing the world’s largest real property portfolio valued at a trillion dollars. He was responsible for identifying and mitigating risk to national security programs, as well as improving energy and environmental resilience. Lucian also served the Secretary of Defense as a strategic advisor for critical mission assurance and cybersecurity programs. Previously, he also served as an Assistant Secretary of the Navy, and in the Office of Management and Budget at the White House overseeing national security, nuclear, and intelligence programs.


Mark Cristiano

Mark has over 30 years of experience in Information Technology with 15 years of Enterprise and Manufacturing systems leadership. Mark has spent the last 15 years in a technical sales leadership capacity providing pre-sales business and technical consulting to Fortune 100 companies with an emphasis on providing ROI analysis, implementation strategies, and technical architectures designed to improve operations and maximize business value. Mark currently serves as the Global Commercial Director for Rockwell Automation, focusing on Industrial IoT and Cybersecurity program and managed services development for Rockwell's Connected Services growth initiative with an emphasis on facilitating IT and OT convergence.

Previous
Previous

Training SOC Teams on OT-Related Cyber Threats

Next
Next

Cloud Range Launches the First OT/ICS Cyber Range for Live-Fire Training to Reduce Risk from Cyber Attacks on Critical Infrastructure