15 Cybersecurity Fundamentals Revisited – Advanced Training for Technical Staff & Practice Makes Proficient

Awareness training is a key organizational risk strategy component to create and maintain a culture of cybersecurity, all personnel should receive regular, ongoing cybersecurity awareness training. Likewise, technical IT and OT personnel should participate in advanced training, and include red team/blue team exercises to practice and reinforce cybersecurity defense concepts and strategies. To highlight how red teams and blue teams can collaborate to protect water treatment systems, industrial cybersecurity firm Radiflow shares their experience in a report from their participation at The International Critical Infrastructure Security Showdown (CISS) 2019 challenge in Singapore last month. The report describes each attack scenario and Radiflow’s mitigation measures. The test lab environment was set up as a modern physical six-stage water treatment process closely mimicking a real-world water treatment plant. According to Radiflow, the cyber portion of the challenge consisted of a layered communications network, Rockwell PLCs, HMIs, a SCADA workstation, and a Historian. The report provides a succinct description of the attack phases, from initial scanning, to exploiting known IT and SCADA vulnerabilities. During one of the attacks, assets were detected opening unauthorized connections to internet IPs that might provide access to C2 servers or malicious IPs. Members considering teaming exercises are encouraged to read Radiflow’s report. In addition, industrial cybersecurity firm Dragos has a three part series on Purple Teaming ICS Networks. Finally, WaterISAC’s 15 Cybersecurity Fundamentals #8 Creating a Cybersecurity Culture discusses free training opportunities and options for “teaming” exercises, and #11 Plan for Incidents, Emergencies and Disasters reinforces the need for exercises. Read the summary at Radiflow