Our “Blue Team vs. Red Team” service offers a simulated attack and defence exercise designed to test and improve the security awareness, posture and overall skill levels of critical infrastructure operations and industrial control system professionals.
The service has been developed specifically for critical infrastructure operators and industrial control system cybersecurity professionals.
In today’s fast-paced and ever-changing world, organisations are facing a growing number of cyber threats that target their Operational Technology (OT) and critical infrastructure. These threats pose a significant risk to the safety, reliability and availability of critical systems, potentially causing severe disruptions to essential services.
The typical organisational challenges can be categorised as:
Limited practical experience
- Limited hands-on experience of defending against cyber-attacks.
- Weak decision-making under pressure.
Lack of knowledge
- Lack of familiarity with how attackers operate, the tactics and techniques that they use.
- Limited understanding of how to actively defend against cyber-attacks.
Deficiencies in your systems, processes and people
- Complacent security posture.
- Inadequate incident response planning and coordination.
Hidden vulnerabilities in infrastructure
- Air-gapped systems have become connected to networks.
- Digitalisation has introduced new risks.

To help organisations defend against cyber-attacks, our “Blue Team vs. Red Team” service offers exercises built around simulated attack and defence. The exercise is designed to test and improve security awareness, posture and overall skill levels.
Our exercise provides realistic and challenging scenarios that allow organisations to identify and address limitations in their systems, processes and people.
The service is aimed primarily at the needs of critical infrastructure operators and industrial control systems cybersecurity professionals, who defend their estates on a daily basis. At the end of the exercise, our team will provide a detailed report containing observations and recommendations to further improve your organisation's OT cybersecurity posture based on industry best practice. This will cover response processes, decision making and skills.
Our service is split into a comprehensive set of modules that our exercises can cover. To make this as relevant as possible to your organisation and team, Thales will work with you to develop a programme and exercises customised from these modules to your specific needs and objectives.
Adversarial TTP | Lateral Movement | Use of C2 Infrastructure | Industrial Protocol Security | Establishing Secure DMZs | Exploitation of Network Boundaries |
Threat Hunting Concepts | Post Exploitation for ICS | Attacking Field Devices | OT Architecture Fundamentals | Network Recon | Establishing Persistence |
Creating Cyber Defensible Positions | Penetration testing | Configuring of Boundary Firewalls | System Hardening | Network Intrusion Detection | Host Based Intrusion Detection |
The experience of Thales is that “Blue Team vs. Red Team” exercises will involve participants with varying degrees of skill level. To accommodate this, Thales have designed tailored exercises that are suitable for each skill level:
Methodology | After-Action-Report | Thales leading Blue and Red Teams | Tracking of Score | Remote Use | Target OT Knowledge | Duration |
---|---|---|---|---|---|---|
Aware | • | • | x | x | None | 2 – 3 Days |
Enact | • | • | x | x | Foundation | 2 – 3 Days |
Vigilant | • | • | • | x | Professional | Flexible |
Resilient | • | x | • | • | Specialist | Flexible |
Aware: provides a strong focus on instructor-led development of new skills.
Enact: is most suitable for teams with an understanding of OT environments but limited offensive or defensive capabilities.
Vigilant: delivers an authentic, fast-paced and action-packed blue team vs red team experience.
Resilient: is best suited for established, dedicated and professional offensive and defensive security teams looking to hone their skills and practice in an OT environment.

Participating in our “Blue Team vs. Red Team” exercise can provide participants with a range of valuable learning experiences and skill development opportunities.
Firstly, participants will have the opportunity to gain hands-on experience in defending against cyber-attacks. By simulating real-world attack scenarios, participants can develop a deeper understanding of how attackers operate, the tactics and techniques they use as well as how to actively defend against them. This experience can help participants identify vulnerabilities in their own infrastructure, improve their security posture and enhance their overall cyber defence skills.
In addition, participants can also develop their incident response skills by participating in our exercise. During the exercise, participants will be required to detect, contain and respond to a simulated cyber-attack. This process can help participants to improve their incident response planning and coordination, develop their decision-making skills under pressure and enhance their ability to swiftly respond to cybersecurity incidents. Through this experience, participants can also gain a better understanding of the importance of effective incident response planning and execution, as well as the potential consequences of an inadequate response.
Finally, our “Blue Team vs. Red Team” exercises provide participants with the ability to enhance their collaboration and communication skills. This is done by providing participants with the opportunity to work with colleagues from different departments, such as IT, security, operations, engineering and maintenance. This experience can help participants improve their teamwork skills and develop their ability to communicate complex technical concepts to non-technical colleagues.