May 23, 2019
Learning self-defense without getting hit
By: Jim Guinn

What if we could step into the ring and learn to defend ourselves without any risk of getting popped in the nose? We could practice jabs, blocking, counter-punching and other self-defense techniques, including staying out of trouble in the first place… all with absolutely no risk and zero pain, because it’s not really ‘real.’ You get the exercise of sparring and develop the muscle memory from training, you just avoid damage. Most importantly, you learn what works and what doesn’t, without penalty.

That’s the theory behind Accenture’s Houston-based Industrial Control Systems (ICS) Cyber Range. It’s a place where everyone in the energy value chain – upstream, midstream and downstream – can test the cyber readiness of their industrial systems and process control networks against sophisticated attacks.

It’s risk-free but not stress-free. The attacks can come low and slow or quickly and furiously, but regardless, the opponents are very good. Some defense techniques get exposed for their blind spots and others develop more ‘street-cred’ when they shield industrial assets from harm, but one thing is for sure... everyone comes out smarter, more experienced and more educated.

Why you need to care

Industrial systems and process control networks remain vulnerable, along with many other field and production assets. Accenture’s State of Cyber Resilience report said it all: Seventy-one percent of organizations admitted cyber attacks are still a "bit of a black box," meaning that, after all their efforts and expense, they are still unsure of their ability to detect, mitigate and prevent attacks.

Reading further, the news doesn’t get much better. As the report notes, companies also said their cybersecurity programs protect only about two-thirds (~67 percent) of their organizations, with third parties ranked lowest at only 32 percent. Importantly, this holds true for increasingly connected organizations in exploration, energy, oil and gas, midstream and downstream, where traditional IT equipment must now integrate reliably and securely with ICS components and aging field systems … while, of course, fending off increasingly sophisticated attacks.

Every day, cyber opponents and adversaries circle these companies and their increasingly extended value chains, looking for the weakness. They jab, fake, pepper the midsection and then send roundhouses toward the head, looking for knockouts.

Martial artists, boxers and security personnel need to learn by doing and practicing

Companies that visit the Accenture ICS Cyber Range find themselves immersed in an environment that is both safe and hostile—making mistakes, learning and testing new techniques and technologies. Specifically, they can:

  • Test and assimilate new ICS tools and technologies without risk in our ICS engineering lab using real-time data, with practitioners specialized in architecting ICS process control networks.

  • Experiment in a recognizable, scaled-down environment: Similarities to the field OT environment add realism in a controlled environment while exposing IT security professionals to new devices and security techniques.

  • Learn what works and what may be hype: Energy organizations get to leverage Accenture’s investment in commercially available security technology to test assets in the field.

  • Learn to integrate and orchestrate diverse equipment and vendors: With so many different systems, coordination is critical.

  • Fuse intelligence and detection with response and remediation: Our hybrid team of field engineers, process control architects and cyber defense professionals (across CIFR, iDefense, and ICS Security Engineering) knows how to respond to incidents, regardless of location and OT system type.

  • Improve anomaly detection: By learning how to enhance their use of anomaly detection tools, clients get a more accurate and dynamic picture of what’s really happening on their network.

  • Improve threat hunting and vulnerability research: Learn from our ICS threat analysts, who have years of experience using various public and private sources to collect and share specific intelligence with clients.

  • Fine-tune event monitoring: The ICS Cyber Range can help clients enhance their SIEM and even MDR configurations, ensuring that ‘real’ alarms are recognized.

  • Improve maintenance and upkeep: Our tools can reveal detailed information on firmware version and chassis buildout, ensuring known vulnerabilities are mitigated with minimal impact to process and system availability.

  • Strengthen credentials management: Clients can learn to monitor the use of their most powerful credentials, ensure proper change practices and create alarms triggered on misuse of crucial log-ins.

We’ve found that clients who visit the Cyber Range and engage with our team gain much better visibility in their process control environments—reducing detection time tenfold. That comes in handy when the bad guys are looking for trouble.
