ICS SCADA Red Teaming Webinar
With the global rise of persistent, targeted attacks on industrial & infrastructure organisations, it is more important than ever to be in control of your digital security. In this webinar, security experts will discuss red teaming in ICS / SCADA environments by providing an overview of the offensive activities involved while highlighting environment-specific nuances, especially with respect to mission scope, safety concerns and realism.
Date: Thursday 11 April 2019
Time: 3:00 PM - 4:00 PM CET LIVE
Presenters: Jos Wetzels and Roy Duisters
Red teaming simulates full-spectrum offensive operations ranging from cyber penetration testing and physical breaches to social engineering and phishing. By mimicking real-life adversarial activity in a controlled and tightly managed fashion, red teaming allows defenders to practice their detection, mitigation and incident response skills and lets your organisation measure how well it responds to real-world threats. During the red teaming assessment, the red team will work closely with the customer's white team. This white team acts as a controlling factor, making sure the red teaming exercise is performed in a well-guided and safe manner. In addition to red teaming, it is possible to perform a purple teaming exercise. Purple teaming combines the efforts of the red and blue teams, which work together to search for and mitigate potential security vulnerabilities.
ICS / SCADA Red Teaming is different
For many industrial & infrastructural organisations, traditional IT security concerns such as confidentiality, integrity and availability take a back seat to process-oriented concerns such as controllability, operability and observability, and this affects red teaming operations. Understanding the unique threats faced by ICS / SCADA environments requires a red team to comprehend not only the specific Operational Technology (OT) landscape involved but also process-specific risks.
In the webinar we will discuss how to establish clearly defined and relevant red team mission goals while working out feasible (cyber-physical) attack scenarios in cooperation with OT personnel. We will also discuss how to simulate attacks along various avenues of approach, ranging from breaches in IT / OT perimeters to hacking upstream from a remote substation, and with varying levels of maturity, ranging from 'going in blind' to an attacker with significant process comprehension and tailored exploitation & malware capabilities obtained through prior compromise of system integrators and contractors.
Safe & Realistic Red Teaming
A major concern in ICS / SCADA red teaming is keeping the engagement both safe and realistic at the same time. Conventional red teaming practices in live ICS / SCADA environments might pose unacceptable operational and safety risks, yet we still need to be able to simulate realistic adversaries with a high risk appetite.
In the webinar we will discuss how to meet both criteria by drawing on real-world adversarial Tactics, Techniques and Procedures (TTPs) and by carefully scoping and planning offensive activities in close cooperation with safety personnel in order to determine which digital and physical environments are off-limits and how to carry out compensating operations in order to deliver a comprehensive engagement.
Who should attend?
The webinar is designed to provide a high-level view of the topic while also zooming in on certain technical aspects. It is therefore suitable for everyone from security managers and officers to technical security personnel at industrial & infrastructural organisations.
Jos Wetzels, Principal Consultant and Security Researcher at Secura. Jos Wetzels is a security researcher in embedded systems security. He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT), where he developed, among other things, exploit mitigation solutions for constrained Industrial Control Systems (ICS) used in critical infrastructure.
Roy Duisters, Principal Security Specialist at Secura. Roy is an experienced principal security consultant with 7+ years of experience. His expertise lies in red teaming, infrastructure investigations and design/threat modeling. Roy has built and is responsible for the Secura red teaming service, including delivery to several high-profile clients within the Netherlands. In addition to his strong focus on red teaming, Roy performs threat modeling sessions for larger and more complex projects and executes pentests and design reviews for key accounts. Large assignments linked to ICS/SCADA environments are also a specialty of Roy.