Using Live-Fire Simulations to Improve ICS/OT Threat Protection
Dr. Edward Amoroso
Senior Analyst, TAG Infosphere
Live-fire attack simulations are particularly useful for ICS/OT environments because the types of incidents that SOC teams must train for often involve situations (e.g., safety, maintaining uptime, or potential loss of life) that cannot be allowed to occur in any other kind of practice.
As such, the use of live-fire exercises in a simulated full-scale environment allows teams to create the conditions for such untenable scenarios without the actual attendant risk.
Live-Fire Training
Team-based, live-fire training on a virtual cyber range, such as the commercial solution from Cloud Range, helps security teams work together better, communicate more effectively, use tools more collaboratively, and generally produce more desirable outcomes when the organization being protected is under a real-time cyber-attack.
With a virtual cyber range that emulates both OT and IT networks, can be customized for any industry, and offers a choice of numerous tools, Cloud Range for Critical Infrastructure gives OT incident response (IR) and ICS security teams a safe, controlled, and dynamic environment to gain hands-on experience detecting and responding to various attacks.
Cloud Range has a library of diverse real attacks – such as malware, ransomware, supply chain, Volt Typhoon, and others – from novice to extremely advanced levels.
The unique simulation training enables teams to practice identifying vulnerable entry points, develop response strategies for system compromises, and mitigate cyber-physical damage.
Moreover, participants gain insights into actions they should avoid and learn to recognize overreliance on IT monitoring and protocols.
This team-based training enhances both technical expertise and interpersonal skills such as communication, collaboration, and decision-making among team members.
ICS/OT Test Scenarios
Simulation of ICS/OT scenarios in which some critical infrastructure component is under attack, perhaps with dire consequences, should represent an unusual and unfamiliar situation.
For example, industrial teams managing power delivery should (hopefully) not have experience dealing with adversaries knocking out power through control systems.
That said, in a live-fire range, such simulations can be produced, at least to some degree, giving the SOC team experience that could be invaluable during a live incident with actual negative consequences.
As live-fire ranges improve with experience and use in ICS/OT settings, their accuracy and efficacy should increase, and one would expect regular training on a live range to become the norm for ICS/OT SOC teams.
Cloud Range Offering
The live-fire range from Cloud Range offers one of the most feature-rich and well-supported SOC team test and simulation environments that our TAG analyst team has seen in the marketplace.
They’ve been supporting the training needs of SOC teams of all sizes and shapes for many years – and we’ve witnessed the transformation that can come with effective training for a team in a range.
We are thus excited that the Cloud Range team has begun to support ICS/OT scenario development along the lines of what we’ve discussed above.
With all the investment that OT security teams have directed toward protecting their systems, it stands to reason that simulating and testing scenarios would be viewed as a valuable means to ensure that the people operating these systems have the proper training.
About TAG
TAG is a trusted next-generation research and advisory company that utilizes an AI-powered SaaS platform to provide on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science.