ICS-CERT: What does a Cyber Attack Feel Like?

Thursday, April 26, 2012

Infosec Island Admin


What does a Cyber Attack Feel Like? Take the CSSP "ICS Advanced Training Course" and Find Out...

It is two o’clock in the afternoon, and suddenly a tank begins to overflow. Your equipment monitoring instrumentation displays normal operating parameters, and no alarms have triggered in your system. You assume manual control of the process and attempt to restore the process to a safe state.

What just happened? Why didn’t an alarm register? Why are your instruments reading normal? What is your next step?

Most enterprises would consider themselves lucky not to have experienced a cyber attack against their control system. Attacks against production systems are extremely undesirable; however, the insight gained as a result of the experience can be valuable and can be used in the event of an attack on real-world industrial control assets.

The Control Systems Security Program (CSSP) provides ICS Advanced Cybersecurity Training, a 5-day, hands-on training session that affords this insightful experience. The course focuses on ICS protection by presenting specific defensive and offensive tools and techniques. Attacks on ICS are demonstrated in a classroom environment, and participants are given the chance to nefariously manipulate actual ICS hardware and software. They do not just discuss these exploits, but actively manipulate and deploy them on actual systems.

Fortunately, mixing the green and yellow liquids creates only a blue liquid, not a hazardous or otherwise dangerous substance. However, the implications of a comparable attack against real-world industrial processes can certainly be realized by those participating in this training.

The ICS Advanced Cybersecurity training offers step-by-step guidance through several topics, including network discovery, exploitation, defense, and detection. After the 3 full days of classroom instruction are completed, participants are armed with an arsenal of cyber attack and defense tools and techniques. The participants are divided into two teams, red (attackers) and blue (defenders). On the following day, those teams face off in a 12-hour Red Team/Blue Team exercise, and the fun begins.

Once the red and blue identification lanyards are distributed, the participants assume the assigned roles of attackers and defenders. The person sitting next to you in the classroom could now be an adversary, and the mental games and social engineering begin immediately. The blue team is cautioned to guard their sensitive network diagrams, even later that evening at their hotel.

The blue team becomes familiar with their facility, and the red team prepares to bring a forceful attack to disrupt the blue team’s critical process. The red team also targets intellectual property that could provide an economic advantage against the rival company.

The day is long and intense as attacks are executed by the red team. The blue team moves to detect, defend, and install software mitigations that would prevent new attacks via the same vector. The critical process controlled by the blue team cannot be disrupted without senior management approval, maintaining the realism found in a real-world industrial environment.

On the final day, the exercise is reviewed from both teams’ perspectives. As a group, they discuss what happened versus what was perceived to be happening, which techniques were successful for each team, and what could have been done better on each side.

This training session takes place on a monthly basis and is free to attend. For a full schedule of CSSP events, including training, see the CSSP Calendar. Currently, four training sessions are scheduled.

If you would like to learn more about training opportunities, please contact cssp_training@hq.dhs.gov.

Source:  http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_March_2012.pdf
