April sees the birth of the UK’s first ever hands-on information security course designed specifically for IT professionals charged with securing our Critical National Infrastructure (CNI) and related industries. The new educational vehicle, developed by the SANS Institute, follows an increase in the number of cyber attacks aimed at delivering kinetic payloads.
The SANS SEC562: CyberCity Hands-On Kinetic Cyber Range Exercise will make its European debut in London between 27 April and 2 May. The six-day course includes a hands-on digital representation of a city and commonly found real-world systems used across a wide range of computers, networks, programmable logic controllers and underlying protocols that operate most of the physical infrastructure used by key UK utilities, oil and gas, military and industrial automation concerns.
“There has been an assumption that cyber attacks are all about targeting banks and retailers for monetary gain,” explained Tim Medin, course co-author and certified SANS instructor, “but for many years now CNI has been under constant attack without generating the headlines or media hype.”
Medin added: “These days, the motivations of attackers are not so clear cut. We’re now seeing a type of asymmetric warfare wherein actors including hacktivists, disgruntled employees and, in some cases, nation states that cannot mount a direct attack are aiming instead to cause real world damage without the spotlight of notoriety or, indeed, the risk of arrest.”
In addition, Medin points to incidents including that at a steel mill in Germany, one at a gas pipeline in Turkey and the infamous Stuxnet attack perpetrated on nuclear facilities in Iran as examples of cyber attacks that have led to severe kinetic damage.
“Increasingly,” he explained, “organisations are using sophisticated IT to improve the efficiency of electrical grids, water treatment and even traffic lights, but these interconnections can leave highly computerised nations vulnerable to attacks that cause an incredibly damaging ripple effect.”
Medin also highlights the challenges involved for those teams tasked with protecting these systems. “One of the fundamental problems for defenders is that these systems are complex and highly specialised. They’re often in place for several decades. The skills needed to design and implement Best Practice security in these environments are scarce. Even making small changes to live systems is a daunting process. There’s an element of risk as the consequences of making mistakes can literally turn the lights out.”
Understanding the processes used by attackers
The new course includes a 1:87 scale miniaturised physical city that features ICS-controlled electrical power distribution as well as water, transportation, hospital, bank, retail and residential infrastructures.
The software systems employed by these infrastructure models are real and the course is weighted towards hands-on exercises configured to help students understand the processes attackers use to gain control, in turn helping them to better defend these targets.
The course includes modules that focus on network reconnaissance, protocol manipulation, ICS switching and power grid manipulation. However, it also reviews operator interface terminals and the human elements such as the targeting of key individuals through social networking and intelligence gathering.
The new course is rounded off by a red team/blue team mock cyber battle within the ‘Cyber City’ to put theory into a practical arena for attack and defence scenarios.
“It may sound like overkill,” continued Medin, “but the reality is that, every year, more and more of our infrastructure is becoming connected and automated. If we fail to properly train the people whom we ask to defend these systems then eventually we’ll have a ‘Titanic moment’ on our hands. By that point it will be too late.”
Medin also stated: “Part of the challenge is to shift the collective mindset away from complacency towards an active defence.”
Attendees for the debut of this course in Washington last year were a diverse mix of senior staff across the entire spectrum of infrastructure as well as the military and Government. “The feedback we had was amazing,” enthused Medin. “Now, this first UK session has also enjoyed a huge amount of forward interest. We would urge participants to register as soon as possible in order to secure their place.”
The SEC562: CyberCity Hands-On Kinetic Cyber Range Exercise will take place within SANS ICS London 2015. This annual event will also run the foundation ICS410: ICS/SCADA Security Essentials course and two hosted courses on Assessing and Exploiting Control Systems and Critical Infrastructure and Control System Cyber Security.
About the SANS Institute
The SANS Institute was established in 1989 as a co-operative research and education organisation. It’s now the largest provider of training and certification for professionals in Government and commercial institutions worldwide.
Each year, SANS Institute instructors teach over 50 different courses at more than 200 live cyber security training events as well as online.
For its part, GIAC – an affiliate of the SANS Institute – validates employee qualifications via 27 hands-on technical certifications in information security.
SANS Institute offers myriad free resources to the information security community including consensus projects, research reports and newsletters. It also operates the Internet’s early warning system, designated the Internet Storm Centre.
Further information is available online at: www.SANS.org