Mindful people are marked by curiosity. At least, that is one characteristic. I don’t know about being mindful, but I embody a healthy dose of curiosity. A press release came my way from a company I had never heard of touting a process I also had never heard of—range. So, I had to investigate. In addition to the Web (yes, you can still do research by searching on the Web, but thanks to Google, it’s not as easy or as fruitful as it used to be), I also talked with Debbie Gordon, CEO of Cloud Range.
This technology solution relates to cybersecurity. Specifically, these solutions provide training for varieties of personnel regarding identifying and thwarting cyber attacks. The “range” term is known in the IT world. Cloud Range, Gordon told me, is the first company to take the concept, develop it specifically for the operations environment, and use it to train operators, engineers, manufacturing IT, and any others who may be involved.
Gordon used the metaphor of a flight simulator. It’s better for a pilot to train on abnormal situations in a device that isn’t going to crash and kill everyone on board. The problem for operations people lies in the fact that they may have never experienced a cyber attack. They may treat it as just another alarm that can often be ignored.
Cloud range also understands that while IT’s concern is data, OT’s concern is uptime. This requires an entirely new look at how to train and solve the problem.
On to the news:
Cloud Range introduced Cloud Range for Critical Infrastructure—the first-of-its-kind full-service, live-fire simulation training specifically designed to proactively train and prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and information technology (IT) environments to defend against cyber attacks to critical infrastructure.
The digital convergence of OT and IT in critical infrastructure sectors has increased the focus of cyber attacks against OT and industrial control system (ICS) environments. This has accelerated the need for cyber defense teams to understand, train, and prepare to protect these assets. However, OT and IT environments can have very disparate objectives, setups, and risks. OT security requires different protocols, analysis, forensics, and other security methods than traditional IT security networks. That’s why OT/ICS security teams require unique training to ensure they can overcome the threats and challenges they face.
Cloud Range for Critical Infrastructure is the industry’s first and only full-service OT/ICS/IoT cyber range simulation training environment with dynamic, live-fire OT/ICS, OT/IoT, and IT/OT incident response and security operations exercises. The customizable OT environments include unlimited network scenarios to simulate any organization’s OT/IT network and emulate any industrial sector, including energy, nuclear, transportation, communications, water systems, buildings/facilities, and more. The new OT solution not only strengthens the resilience of security teams, but also improves operational efficiency by providing a collaborative environment for IT/OT teams to work and train together and remove the complexity and friction between them that is common in most organizations.
The product is a program with a taskmaster where personnel set aside a training time of around four hours to participate in the simulation.
Cloud Range for Critical Infrastructure mimics potential real-life cyber attacks and enables cyber defenders to see and understand an attack before it actually happens, preparing them to be ready to defend. Attack scenarios are mapped to the MITRE ATT&CK Framework for Industrial Control Systems (ICS) so teams can understand the specific tactics taken by adversaries. The immersive, live-fire cyber range environment gives OT IR and ICS security teams the needed expertise, judgment, skills, and muscle memory required to be ready when a real attack occurs.
Cloud Range training missions are led by expert attackmasters providing teams with real-time guidance. Additionally, security leaders receive performance metrics and analysis with prescribed training plans based on the results of an exercise.
Learn more about OT cyberattack simulation training by watching the webinar, “Conquer OT Attacks in an IT-focused World” featuring Debbie Gordon, founder and CEO of Cloud Range; Bryan Singer, Principal Director, Global OT Incident Response Lead at Accenture; Mark Cristiano, Global Commercial Director – Cyber Security Services at Rockwell Automation; and Lucian Niemeyer, CEO of Building Cyber Security.