ICS SCADA Red Teaming Webinar
With the global rise of persistent, targeted attacks on industrial & infrastructure organisations, it is more important than ever to be in control of your digital security. In this webinar, security expert Jos Wetzels will discuss red teaming in ICS / SCADA environments by providing an overview of the offensive activities involved while highlighting environment-specific nuances, especially with respect to mission scope, safety concerns and realism.
The recording is now available. Watch it here.
Red teaming simulates full-spectrum offensive operations ranging from cyber penetration testing and physical breaches to social engineering and phishing. By mimicking real-life adversarial activity in a controlled and tightly managed fashion, red teaming allows defenders to practice their detection, mitigation and incident response skills and to measure how well the organisation responds to real-world threats. During the red teaming assessment, the red team will work closely with the white team of the customer. This white team acts as a controlling factor, to make sure the red teaming exercise is performed in a well-guided and safe manner. In addition to red teaming, it is possible to perform a purple teaming exercise. Purple teaming combines the efforts of the red and blue teams, which work together to search for and mitigate potential security vulnerabilities.
ICS / SCADA Red Teaming is different
For many industrial & infrastructural organisations, traditional IT security concerns such as confidentiality, integrity and availability take a back seat to process-oriented concerns such as controllability, operability and observability, and this affects red teaming operations. Understanding the unique threats faced by ICS / SCADA environments requires a red team to comprehend not only the specific Operational Technology (OT) landscape involved but also process-specific risks.
In the webinar we will discuss how to establish clearly defined and relevant red team mission goals while working out feasible (cyber-physical) attack scenarios in cooperation with OT personnel. We will also discuss how to simulate attacks along various avenues of approach, ranging from breaches in IT / OT perimeters to hacking upstream from a remote substation, and with varying levels of maturity, ranging from 'going in blind' to an attacker with significant process comprehension and tailored exploitation & malware capabilities obtained through prior compromise of system integrators and contractors.
Safe & Realistic Red Teaming
A major concern in ICS / SCADA red teaming is keeping the engagement both safe and realistic at the same time. Conventional red teaming practices in live ICS / SCADA environments might pose unacceptable operational and safety risks, yet we still need to be able to simulate realistic adversaries with a high risk appetite.
In the webinar we will discuss how to meet both criteria by drawing on real-world adversarial Tactics, Techniques and Procedures (TTPs) and by carefully scoping and planning offensive activities in close cooperation with safety personnel in order to determine which digital and physical environments are off-limits and how to carry out compensating operations in order to deliver a comprehensive engagement.
Who should attend?
The webinar is designed to provide a high-level view of the topic, while at the same time zooming in on certain technical aspects. It is therefore suitable for everyone from security managers and officers to technical security personnel from industrial & infrastructural organizations.
Jos Wetzels, Principal Security Specialist at Secura. Jos Wetzels is a security specialist and researcher in embedded systems security. He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT), where his work included developing exploit mitigation solutions for constrained Industrial Control Systems (ICS) used in critical infrastructure.