Is Your Security Team Prepared for an OT Cyber Attack?

How to Conquer OT Attacks in an IT-Focused World

Cloud Range held a webinar earlier this week to introduce the industry's only OT cyber range for live-fire training – a needed resource as today’s threat landscape includes more and more attacks that impact or directly target industrial control systems (ICS).

We had an excellent roster of cybersecurity and operational technology (OT) security leaders involved in the webinar:

• Debbie Gordon, Founder and CEO of Cloud Range

• Marcus Linder, Senior Attackmaster from Cloud Range

• Bryan Singer, Principal Director, Global OT Incident Response Lead from Accenture

• Lucian Niemeyer, CEO of Building Cyber Security (former Assistant Secretary of Defense)

• Mark Cristiano, Global Commercial Director from Rockwell Automation

Weren’t able to attend? We’ve got you covered. This blog highlights some key takeaways, and you can view a complete recording of the webinar here. 

The Value of Hands-On Experience

People are only as good as the experience they have. The cyber skills shortage is not because people aren’t being trained in cybersecurity — the shortage is because education and certifications are not enough. Some organizations are even removing those requirements from job ads because it’s alienating prospective candidates for open positions, and they don’t tell the whole story anyway. The problem is a lack of hands-on, real-world experience.

Many security operations (SOC) and incident response (IR) teams don’t have a full understanding of how attacks play out — because most people have never actually seen an attack. And in cybersecurity, on-the-job training during a cyber attack isn’t an option.

There are other layers of complications as OT/ICS security and IT security converge because there are conflicting objectives, different ways to handle incidents, varying attack vectors, organizational disparities, and more. These all lead to increased cyber risk.

It’s critical for organizations to not only think about technologies and processes, but to focus on their people – the last line of cyber defense. The best way for them to gain experience and to be savvy enough to thwart cyber attacks is with live-fire cyber simulation training for teams. 

Cyber Range Training for OT/ICS Attacks

Cloud Range for Critical Infrastructure provides OT/ICS and IT security teams with the real-world experience they need as they practice together in a safe, virtual environment. It is the industry’s first and only full-service OT/ICS/IoT cyber range simulation training program with dynamic, live-fire OT/ICS, OT/IoT, and IT/OT incident response and security operations exercises. 

Cloud Range’s cyber range training is tailored to the unique challenges faced by organizations that operate in the operational technology (OT) space. The simulated scenarios, created by Cloud Range, mimic real-world attacks, allowing participants to gain hands-on experience in identifying and responding to cyber threats. The new OT solution not only strengthens the resilience of security teams, but it also improves operational efficiency by providing a collaborative environment for IT/OT teams to work and train together.

Cyber Defense Is a Team Sport

If you’re familiar with the industry-standard Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, you’re aware that each cyber role has knowledge, skills and abilities (KSAs). A sports analogy ⚾️ helps explain the differences.

• Knowledge – Understanding how baseball works is the first step to enjoying the game. Some people know the rules inside and out and have memorized thousands of stats, but they rarely pick up a glove or a bat. In cybersecurity, the “knowledge” stage is understanding approaches and theories, but without the experience of implementing them in a real-life situation.

• Skills – To play baseball, it’s important to know things like how to throw a ball, how to slide, how to hit a ball with a bat. These are individual, compartmentalized skills that are vital to the sport, but they aren’t reflective of performance under pressure. The “skills” stage represents cybersecurity skills development labs and learning plans. They are necessary, and this kind of training should be done regularly and consistently. However, the training cannot stop at this step.

• Abilities – This step is when team members take the knowledge and skills they have learned and apply them. It is practicing in a real-life environment with the full team and honing communication, problem-solving, and judgment skills. It requires knowing what to do, when to do it, how to do it, and why to do it. The result is that the team builds confidence and experience. In baseball, it is practice on the field – in cybersecurity, it is simulation training for teams.

Check out this blog for more about KSAs.

OT/ICS Security Challenges

Until now, there has been a lack of training options and learning paths for OT/ICS security professionals. Additionally, CISOs, SOC managers, and other security leaders need metrics to understand how their people are performing and that their cyber training is helping to lower risk.

Cloud Range for Critical Infrastructure overcomes all of those challenges. The cyber range gives participants an opportunity to experience customized IT and OT environments and to understand the unique things that happen. 

Bryan said: “I always say the worst day in IT, as far as the cyber incident goes, is usually just the start of a bad day for an OT environment. We're dealing with high pressure, heat, vibration, fire, chemicals – we're dealing with all kinds of other threats out there. And that's the main differentiation – we're dealing with time-based systems…. We're trying to understand why a drive turned on, why a valve opened, why something failed the way it did. And the only way to really get those skills and practice and hone them well is in an environment that replicates everything that you can see physically. And, I don't want somebody learning these skills the first time by trying to diagnose why a plant is down.” 

Lucian said: “I'm former military, and we get trained initially on a skillset. But the best pilots in the world train consistently and constantly. They understand an adversary's tactics, techniques, and procedures, and they practice on those endlessly and they become the best consistently. And I think that's what you’ve [Cloud Range] has offered up here in the OT world, which is unique…. An IT attack, yeah, it can be devastating and can cause disruption of business. But when you're talking OT attacks, you're looking at explosions, you're looking at causing property damage, you're looking at potentially hurting people. You've gotta get it right.”

Mark noted: “With this IT and OT convergence, there still is a communication gap between those respective teams. Getting those teams together and speaking the same language is so, so important because time is of the essence when these breaches occur. I also think that… when a customer makes a conscious decision to outsource OT MSSP functionality, that communication gap between the organization and the MSSP and the IT folks and the OT folks, it widens. So it's even more important, as customers start to outsource, that you bring those teams together.” 

These comments and takeaways are just a small taste of all the goodness that was packed in this webinar. To hear it all – including a live demo of how an attack plays out on one of Cloud Range’s cyber ranges – watch the video here.

Request a demo to learn how Cloud Range's cyber range and simulation solutions will measurably improve your IT and OT security teams' performance.

WEBINAR SPEAKERS AND PANELISTS: