Cloud Range Live-Fire Cybersecurity Training

Mindful people are marked by curiosity. At least, that is one characteristic. I don’t know about being mindful, but I embody a healthy dose of curiosity. A press release came my way from a company I had never heard of touting a process I also had never heard of—range. So, I had to investigate. In addition to the Web (yes, you can still do research by searching on the Web, but thanks to Google, it’s not as easy or as fruitful as it used to be), I also talked with Debbie Gordon, CEO of Cloud Range.

This technology solution relates to cybersecurity. Specifically, these solutions train various personnel to identify and thwart cyber attacks. The “range” term is known in the IT world. Cloud Range, Gordon told me, is the first company to take the concept, develop it specifically for the operations environment, and use it to train operators, engineers, manufacturing IT, and any others who may be involved.

Gordon used the metaphor of a flight simulator. It’s better for a pilot to train on abnormal situations in a device that isn’t going to crash and kill everyone on board. The problem for operations people lies in the fact that they may have never experienced a cyber attack. They may treat it as just another alarm that can often be ignored.

Cloud Range also understands that while IT’s concern is data, OT’s concern is uptime. This requires an entirely new look at how to train and solve the problem.

On to the news:

Cloud Range introduced Cloud Range for Critical Infrastructure—the first-of-its-kind full-service, live-fire simulation training specifically designed to proactively train and prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and information technology (IT) environments to defend against cyber attacks to critical infrastructure. 

The digital convergence of OT and IT in critical infrastructure sectors has increased the focus of cyber attacks against OT and industrial control system (ICS) environments. This has accelerated the need for cyber defense teams to understand, train, and prepare to protect these assets. However, OT and IT environments can have very disparate objectives, setups, and risks. OT security requires different protocols, analysis, forensics, and other security methods than traditional IT security networks. That’s why OT/ICS security teams require unique training to ensure they can overcome the threats and challenges they face. 

Cloud Range for Critical Infrastructure is the industry’s first and only full-service OT/ICS/IoT cyber range simulation training environment with dynamic, live-fire OT/ICS, OT/IoT, and IT/OT incident response and security operations exercises. The customizable OT environments include unlimited network scenarios to simulate any organization’s OT/IT network and emulate any industrial sector, including energy, nuclear, transportation, communications, water systems, buildings/facilities, and more. The new OT solution not only strengthens the resilience of security teams, but also improves operational efficiency by providing a collaborative environment for IT/OT teams to work and train together and remove the complexity and friction between them that is common in most organizations. 

The product is a program with a taskmaster where personnel set aside a training time of around four hours to participate in the simulation.

Cloud Range for Critical Infrastructure mimics potential real-life cyber attacks and enables cyber defenders to see and understand an attack before it actually happens, preparing them to be ready to defend. Attack scenarios are mapped to the MITRE ATT&CK Framework for Industrial Control Systems (ICS) so teams can understand the specific tactics taken by adversaries. The immersive, live-fire cyber range environment gives OT IR and ICS security teams the needed expertise, judgment, skills, and muscle memory required to be ready when a real attack occurs. 

Cloud Range training missions are led by expert attackmasters providing teams with real-time guidance. Additionally, security leaders receive performance metrics and analysis with prescribed training plans based on the results of an exercise.

Learn more about OT cyberattack simulation training by watching the webinar, “Conquer OT Attacks in an IT-focused World” featuring Debbie Gordon, founder and CEO of Cloud Range; Bryan Singer, Principal Director, Global OT Incident Response Lead at Accenture; Mark Cristiano, Global Commercial Director – Cyber Security Services at Rockwell Automation; and Lucian Niemeyer, CEO of Building Cyber Security.

Protection From Coming Hardening of DCOM

I actually thought that the whole DCOM technology situation was over. That is an old Microsoft Windows technology long since passed by in usefulness. Except, there’s a lot of it lying around with OPC Classic. As we often say, technologies change slowly in industrial and manufacturing applications. This is a potential snafu. I first wrote about Velta Technology last September. This news is about a partnership to offer a solution to the looming hardening of DCOM.

Velta Technology and TXOne Networks Inc. are teaming to help organizations safeguard their industrial control systems (ICS) and avoid potential revenue disruptions ahead of an imminent Microsoft Windows Distributed Component Object Model (DCOM) hardening patch enablement. In the absence of a proper mitigation strategy, the DCOM hardening patch could potentially shut down ICS equipment impacting plant production and operations.

Beginning March 14, 2023, the Microsoft hardening patch can no longer be disabled and will trigger a forced update which strengthens authentication between DCOM clients and servers. The patch is a core component of automation software products from companies such as Rockwell Automation, GE, Honeywell, Siemens, and others.

Velta Technology and TXOne Networks have partnered to provide a cost-effective and time-efficient interim solution that will maintain operations following the patch. Velta Technology’s industrial cybersecurity experts are utilizing TXOne Networks’ Stellar endpoint protection as a stopgap to the hardening patch, providing customers ample time to develop a more manageable, long-term solution.

Mission Secure Cybersecurity Risk Reduction Process

I reported on a cybersecurity company new to me at the time last month—Mission Secure. With our schedules finally meshing, I recently talked with Jens Meggers, executive chairman. My pre-interview research further revealed that long-time contact Chet Mroz is company president. Other people I’ve known for years are also affiliated.

Publicity people fill my inbox with news from security companies. The latest trend concerns research the various companies have done. Studies invariably show that company executives lag in efforts to mitigate potential cybersecurity risks.

Most of the security firms I talk with either perform network packet sniffing looking for anomalies or they are hardware firewalls. Many are IT technologies loosely adapted to operations. Mission Secure’s capabilities include those and go beyond them.

Meggers told me there are new demands on the operations space. Threats have quadrupled recently and the landscape is broadening. Actors have gone from individuals to state-sponsored actors or even states themselves. The dark web contains exploits, information and technology for those bad actors who know where to look. Not to mention that the attackers are automating their activities.

Mission Secure has the capability to scan assets of its customers. Many companies can do that in order to see what devices need patches. Operations personnel find themselves swamped with patch requirements at a volume they cannot keep up with. Mission Secure takes a methodical approach.

Three steps

1. Find out what you have and identify risks

2. Who and what have access rights and why

3. Process for continuous validation, rules, define policy

I’m a fan of this process—mostly because it aligns with my training from when I first became involved with digital technology in manufacturing thanks to a VP I reported to. It fits with ideas such as those advocated by gurus such as W. Edwards Deming about process.

Here is a bit more description of Mission Secure:

Mission Secure delivers the only OT cybersecurity platform that enables complete control over your environment, including visibility, anomaly and threat detection, policy enforcement, and Level 0 signal validation.

Visibility

Discover and visualize every asset and every network connection in your OT environment.

Threat Detection

Identify unexpected or unauthorized activity, from Level 0 signals to cloud connections.

Policy Enforcement

Segment your network and enforce granular policies for true Zero Trust cybersecurity.

Signal Validation

Monitor physical process signals to detect threats and prevent system damage.

Rockwell Automation Smart Machine, Safety, Security Announcements

The Rockwell Automation PR team must have worked overtime following November’s Automation Fair. Here are a number of releases on new products and services. These cover a spectrum of technology areas that further reveal the breadth of Rockwell’s reach. 

  • Smart Machine Development
  • GuardLink with EtherNet/IP
  • FactoryTalk Logix Echo
  • Cyber Endpoint Protection Services

Simplify Smart Machine Development with Improved Micro800 Controllers and Design Software

Machine builders can save engineering time and costs with the enhanced Allen-Bradley Micro850 and Micro870 2080-Lx0E controllers using the latest Connected Components Workbench software from Rockwell Automation.

  • Class 1 implicit messaging capability with support for up to eight EtherNet/IP devices.
  • Streamline integration of controller to drives, supporting PowerFlex 520 series and Kinetix 5100 drives over EtherNet/IP with pre-defined tags and pre-developed user-defined function block (UDFB) instructions.
  • Connected Components Workbench software version 21 required.

GuardLink 2.0 with new EtherNet/IP Interface

  • GuardLink 2.0 offers advanced diagnostics by way of the new Allen-Bradley 432ES GuardLink EtherNet/IP On-Machine Interface or a combination of Dual GuardLink Relay and EtherNet/IP Interface. 
  • GuardLink 2.0 protocol also enables safety-rated control device status reporting and automatic diagnostic reporting to an HMI using CIP Safety over EtherNet/IP.
  • Connect up to 96 safety devices via three independent safety channels. 
  • The interface can cascade power to additional interfaces and can keep track of timing and frequency of events to improve maintenance and create process efficiencies. 
  • The 432ES supports linear, star and Device Level Ring topologies while meeting safety ratings up to SIL 3, Cat 4 PLe.

New Capabilities in Emulation and Support with First expansion of FactoryTalk Logix Echo

  • Attention was dedicated to improving testing, giving users access to more than 20 variations of the 5580 ControlLogix platform at their disposal.
  • FactoryTalk Logix Echo simplifies the emulator experience by providing users the opportunity to download directly to FactoryTalk Logix Echo without modifications. 
  • Having the emulation of the 5580 ControlLogix Ethernet port means that to other software, FactoryTalk Logix Echo looks like another controller, offering flexibility to expand your emulation to visualization or other controllers.
  • Version 2 will be the first emulation platform to support safety controllers by introducing GuardLogix 5580 controller catalogs. 
  • The inaugural version supported one 17 slot chassis, but the latest release now supports the creation and communication of multiple chassis with one FactoryTalk Logix Echo license. 

Comprehensive Endpoint Protection Services

  • For organizations to secure their operations and reduce cyber threats, a successful cybersecurity strategy requires solutions to secure endpoints – any device that is connected to a network outside of its firewall, including laptops, HMIs, switches, IoT devices, and more.
  • Rockwell Automation and CrowdStrike are providing manufacturers with comprehensive Endpoint Protection Services, combining Rockwell Automation’s Industrial Cybersecurity Services and CrowdStrike Falcon platform to monitor, protect, investigate, and respond to incidents. 
  • Purpose-built in the cloud with a single lightweight-agent architecture, the CrowdStrike Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity, and immediate time-to-value.
  • When customers choose the CrowdStrike Falcon platform through Rockwell Automation, they receive the industry-leading software coupled with OT-specific Falcon policies, developed by Rockwell Automation cybersecurity specialists, and backed by software and phone support. 
  • Endpoint Protection fits into the expansive Rockwell Automation portfolio of Managed Services along with Incident Response and Threat Detection to provide customers with a holistic cybersecurity solution.

Honeywell Connect 2022 Updates

Honeywell has been an enigma to me for several years. I haven’t been confident in product direction, where different elements of process automation would fit, and whether it would make a transition to software. Then came Honeywell Forge. Where did that fit with Process Solutions and UOP? Then we had the pandemic and I couldn’t make the User Group this year due to many conflicts.

This is mostly my deficiency, but also I had lost track of contacts. All that is remedied, and the picture is beginning to focus. I was also able to catch some virtual conferences to gain insight from CTO Jason Urso.

Honeywell Forge is coalescing into a viable software division. Process Solutions is cranking out some interesting new products and services. Sustainability is a key strategy. Cybersecurity remains strong within the portfolio.

I’m quite late with this update. Following are major points from recent announcements. Check out the various links for more.

Manufacturing Excellence Platform

Manufacturing Excellence platform provides real-time end-to-end production visualization and dashboards for multiple user roles from operators to management, process unit timelines, detailed equipment status, and trends of critical process parameters. The Manufacturing Excellence platform, built for Life Sciences applications, puts actionable information in context in one interface. The solution digitizes paper-based batch records, work instructions, and logbooks to ensure consistent compliance with standard operating procedures.

Honeywell Forge Performance+

As part of the new Honeywell Forge Performance+ for Industrials suite, Asset Performance helps deliver asset reliability and energy efficiency through real-time monitoring of assets using predictive models embedded with deep-domain expertise. Asset Performance can help to both detect potential asset health issues and predict possible time to failure in order to proactively improve plant availability.

Enhancements to Existing Honeywell Software Solutions

  • Honeywell Plantwide Optimizer – End-to-end solution that integrates planning, operations and blending in near real time.
  • Honeywell Operations Management – Enhancements to the user experience designed to help industrial operations managers to better proactively monitor, document and operate their industrial processes to reduce downtime, increase throughput and yields, and standardize shift reporting.
  • Honeywell Workforce Competency – Enhancements to the simulation-based experiential learning solution to develop and enhance the competency of today’s industrial workforce include persona-based dashboards and a new soft Safety Manager direct link.

Cybersecurity

Honeywell’s AMIR managed service brings increased cybersecurity capabilities to an organization’s existing Security Operation Centers (SOCs) to strengthen OT cybersecurity across the enterprise.

Cyber App Control, previously known as Application Whitelisting, is a vendor-agnostic cybersecurity solution suitable for both Honeywell and non-Honeywell control systems designed to provide an additional layer of security that allows only known and trusted applications to run on ICS assets and increases a customer’s ability to prevent known malware and zero-day attacks on OT environments that often rely on more vulnerable legacy systems with challenging maintenance schedules.

Honeywell Forge Sustainability+

  • An enterprise solution that measures fugitive and process GHG emission leaks, continuously monitors sites for new or remediated emissions, reports on emissions’ status and drives emission reduction strategies and solutions.
  • Innovative gas detection technologies, the Honeywell Versatilis Signal Scout gas detector and Gas Cloud Imaging, that interface with Emissions Management for continuous measuring and monitoring of emissions, enabling customers to better manage GHG emissions proactively in near real-time.
  • Reporting of process emissions with site- and enterprise-level trending and visualization that allows organizations to locate methane leaks that may cause production loss or impact worker safety, as well as gain access to metrics and alarms associated with gas leaks.
  • Enterprise-wide accounting, visualization and reporting that eliminates periodic manual reporting and provides a holistic, near real-time view of Scope 1 emissions for HSE professionals and executive teams.

Honeywell and Aramco JV for Business Process Software

Honeywell and Aramco have announced the signing of a joint venture (JV) agreement to provide a set of end-to-end business process automation solutions, under the Aramco Namaat Industrial Investments Program. The technology solutions can be offered to a wide range of industrial sectors to help maximize profitability, improve productivity, sustainability and operational excellence, on a global scale. The new JV offerings will leverage Aramco’s Plant.Digital platform (formerly Integrated Manufacturing Operations Management System – iMOMS) as well as Honeywell Connected Enterprise’s technology development and industrial digital solutions implementation experience.

The JV aims to equip industrial companies with the tools, processes and practices they need to run plant operations more effectively and accelerate sustainable digital transformation and operational excellence initiatives. It will emphasize the development, integration, and deployment of Operations Technology (OT) solutions and Digital Transformation consulting.

The new JV is expected to create more than 300 jobs in Saudi Arabia within five years, supporting the Aramco Namaat Industrial Investments Program, which is designed to boost Saudi economic and workforce development.

Partnership for Track and Trace Solutions

Honeywell announced that Imperial Brands, a British multinational tobacco company, has chosen Honeywell to provide the Honeywell Track & Trace solution (“Honeywell Track & Trace”) to digitalize and transform the monitoring and tracking of their supply chain operations.

In addition to the cloud-based Honeywell Track & Trace solution, Honeywell will provide a comprehensive and integrated system of support, professional services, and governance to help Imperial’s business meet critical requirements for compliance and executing its global supply chain.

Deterministic Ethernet Solutions for Industrial and Critical Infrastructure Applications

Reza Eltejaein from Marvell Technology explained how deterministic Ethernet is displacing special purpose networks in several applications. He also described the company’s new Ethernet switches for harsh environments and PHYs targeted to the industrial and critical infrastructure markets. This solution finally brings Time Sensitive Networking (TSN) to reality.

Ethernet is still too expensive for the sensor and other physical device layer. Achieving deterministic Ethernet for critical applications above that layer has been a target for engineering for years. Marvell Technology now offers a solution. 

Marvell’s Secure Deterministic Ethernet solution, comprised of Prestera switches and Alaska PHYs, is designed for switch appliances used in often-harsh environments. By enabling the more widespread use of Ethernet in the OT environment, the new solution facilitates the adoption of modern IT tools and security methods in OT networks, enabling a common management and automation approach from the cloud to the OT network edge.

The new solution addresses deterministic networking requirements with a set of Ethernet standards known as time-sensitive networking (TSN). With TSN, virtually any kind of Ethernet traffic can share a network, allowing siloed IT and OT networks to converge, thus reducing costs and facilitating in OT networks the analytics, automation and intelligence that are transforming IT networks.  

To better protect these networks, the new Prestera industrial-grade switches with TSN offer industry-first device- and link-level security, in the form of Secure Boot and MACsec. 

  • Integrated switching, CPU and Ethernet PHY—reduces power and footprint versus separate components. 
  • Time-Sensitive Networking: 802.1AS, 802.1CB, 802.1Qav, 802.1Qbv, 802.1Qbu, 802.1Qci, 802.1Qat—supports reliable, low-latency Ethernet performance.  
  • IEC/IEEE 60802 TSN profile for Industrial Automation—enables real-time end-to-end communications with guaranteed reliable performance and data delivery. 
  • 802.1AE MACsec—provides Layer-2 security for data integrity and confidentiality. 
  • Secure Boot—allows only trusted software to execute on the system. 
  • Parallel Redundancy Protocol (PRP) and Highly-available Seamless Redundancy (HSR)—provide no-loss failover in case of failure of any single network element. 
  • TrackIQ—provides rich telemetry data for use in network analytics and observability tools. 
  • Ruggedized -40°C to +85°C system operation—enables reliable operation in harsh environments and an expected lifetime of at least 10 years. 

Availability 

The Prestera DX1500 and Alaska E1781 product families are sampling now. 
