Red Team/Blue Team: Industrial Cybersecurity & Risk Management
(2 Day)

The Revolutionary New & Entertaining Way to Learn Practical, Effective Industrial Cybersecurity and Risk Management

Industrial security should be ingrained in your company's culture, on the same footing as safety. Cyber incident preparedness begins with people. ThreatGEN™ training helps improve your industrial cybersecurity capabilities through an innovative and modernized approach. Combining cutting-edge technology with proven methods, ThreatGEN™ is the revolutionary new and entertaining way to learn practical and effective industrial cybersecurity and risk management skills, from beginner to technical.

What is red team/blue team training?

Security-aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. However, without learning cybersecurity from the “hacker’s” perspective and gaining a true understanding of how adversaries attack and compromise ICS networks and assets, you are only getting half of the picture. Without that other half, you are essentially deploying generic security controls and “best practices” blindly. An efficient and cost-effective risk mitigation strategy requires that you understand not only where your vulnerabilities are, but also the tactics attackers will use to exploit them. Red Team/Blue Team Training provides the opportunity to learn these adversarial tactics alongside the corresponding defensive methods. Students then apply the skills they have learned in a head-to-head competition: Blue Team (the defenders) against Red Team (the attackers).

The Gamification Difference: It doesn’t take a hacker to play a hacker!

Traditionally, red team/blue team (or red team vs. blue team) training has been a significant time commitment, often five days or more. This can be taxing on constrained schedules and budgets. Additionally, there has typically been a significant technical learning curve associated with being able to play the part of the red team. ThreatGEN™ Red Team/Blue Team Training uses cutting-edge computer gaming technology, developed by experienced industry professionals and authors of “Hacking Exposed: Industrial Control Systems”, to offer the most valuable aspects of red team/blue team training in a fraction of the time and without a technical learning curve. Students of all levels can play the part of the red team, regardless of experience or skill level. ThreatGEN™ ICS process simulation technology allows students to get hands-on experience with technical vulnerability assessment and penetration testing methods on ICS equipment in simulated industrial environments.

From basics and strategy to practical application and technical hands-on learning, students will discover that defending their ICS networks and assets is more than simply deploying “best practices” and “layered defense”. They will learn the technical skills necessary to properly assess threats, vulnerabilities, and risks to their ICS, and how to create targeted defensive strategies (using limited resources) against a live opponent who is strategizing against them.

What you will get out of this class:

  • Gain a comprehensive, “big picture” understanding of how all the cybersecurity pieces work together
  • Learn and apply practical industrial cybersecurity concepts in a two-day class
  • Learn vulnerabilities and attack vectors specific to industrial control systems
  • Learn about the methods and strategies hackers use to attack industrial control systems as well as traditional IT systems (NOTE: This is not a technical hands-on “hacking” class)
  • Learn how to deploy efficient and cost-effective mitigation strategies and security controls
  • Learn how to build a complete ICS cyber security program
  • Apply what you’ve learned against a live adversary using the cutting-edge, turn-based computer training simulation/game, ThreatGEN™
  • Learn how to respond to, adapt, and defend against active attacks
  • Participate as the blue team and the red team, regardless of experience or technical skill level
  • Taught by industry-leading, world-class experts with years of real-world experience

Intended Audience:

  • Anyone interested in gaining beginner to intermediate knowledge of ICS cybersecurity
  • Anyone interested in gaining a better understanding of the overall cybersecurity “big picture”
  • Cybersecurity managers
  • Upper management concerned with IT/OT cybersecurity
  • Plant managers and asset owners
  • IT cybersecurity staff tasked with OT cybersecurity
  • Engineers tasked with OT cybersecurity
  • End users looking for a more effective (and entertaining) cybersecurity awareness training

Class Outline

DAY 1

  • Terminology
  • ICS Overview
  • What’s the Risk?
  • Consequence-Driven Risk Assessment Primer
    • Analyzing Threat Events
    • Risk Scenarios
      • Analyzing Threat Events with Consequence and Impact Data
    • Calculating Risk
    • Assessment Phases & Steps
    • Consequence-Driven Risk Assessment Process
    • Consequence-Driven Risk Assessment/Management Models and Frameworks
  • The Threats
    • Threat Intelligence
      • Threat Intelligence vs. Threat Information
      • What to Look For
      • Who/What are the Threats?
      • Taxonomy of Potential Threat Sources
      • Threat Source Capabilities, Motivations, Objectives
    • Vulnerabilities Overview
    • ICS Specific Vulnerabilities
      • ICS Protocol and Communications Vulnerabilities
      • ICS Workstation/Server Vulnerabilities
      • ICS Equipment/Device Vulnerabilities
      • Top Issues Found in ICS Assessments
    • ICS Attack Surface
      • Common ICS Attack Vectors
      • ICS Specific Attack/Exploit Strategies
    • Attack Methods Overview
      • ICS Cyber Kill Chain
      • Anatomy of an Attack
        • Overview of Attacker Methods

DAY 2

  • Performing a Gap Analysis
    • Using CSET
  • Performing a Vulnerability Assessment
    • Why & When to Perform a Risk Assessment
    • Vulnerability Assessment Types
    • ICS/SCADA vs. Enterprise IT Assessment Considerations
    • GRC Framework Software
    • Overview of Key Steps
    • Assessment Plan: Assigning Personnel
    • Assessment Plan: Determining the Scope
    • Assessment Plan: Methodology
    • Assessment Plan: Common Tools
    • Assessment Plan: Schedule
    • Assessment Plan: Security
    • The Kickoff Meeting
    • Performing the Assessment
    • Reporting
    • Assessment Plan: Planning
    • Site Walk Through
    • Document Review (configs and diagrams)
    • Discovery (assets and “scanning”)
    • Vulnerability Identification
      • Vulnerability Mapping
      • Vulnerability “Scanning”
      • Using Nessus for ICS
    • Maximizing the Value of a Vulnerability Scan
  • Mitigation Strategies
  • Cybersecurity Controls