How can you test cyber resilience, prior to attack?  

By Justin Lowe

Operational Technology (OT) or Industrial Control Systems (ICS) may sound as though they play no part in day to day life. Even less that they would be targets for cyber attacks - surely personal data or financial systems are more attractive?

In reality, ICS are the systems that keep the lights on, the trains running and even planes in the sky. And for that reason, they are frequently, and successfully attacked. Recent news events show us that this technology is vulnerable, and that attacks can cause significant disruption. 

What is stalling resilience in OT systems?

The complex issue is that, often, ICS receive different treatment to IT assets and infrastructure when it comes to cyber security. There are also cultural and organisational issues that play a role. Ultimately, ICS need to be as resilient as any other technology asset. 

Given the increasing need to be resilient to cyber attack, a focused and robust approach to building resilience in OT needs to move up the agenda of organisations who rely on ICS to keep their businesses running. 

The challenge here is that its currently difficult to: understand how secure OT systems are; where the vulnerabilities lie; and how to defend them. 

These three steps are fundamental to developing resilience and relevant incident response plans in the event of an attack. Critically, these steps need to be taken prior to attack, to avoid the impact of a genuine cyber security incident on ICS. 

Demonstrating vulnerabilities in ICS is also a great way of prioritising the need for further security measures.

So, how do you test OT resilience prior to an attack?

  1. You need to bring ICS cyber security to life
    That means testing in a live environment to identify threats, weaknesses and ultimately, to build resilience
  2. You need the correct environment to test in
    The simulated environment must resemble reality as closely as possible the network environment of a live ICS, with the correct OT in place, tailored at least to your specific industry.
  3. You need active security monitoring whilst the test is running
    Active monitoring must occur in testing so that vulnerabilities can be correctly identified within the live environment.

Industries are currently struggling to find relevant tools to develop live testing environments in order to build cyber resilience. 

In order to protect OT from attack and prevent widespread disruption to business and the public, then steps must be taken to develop testing further, using the correct tools.

The ICS Demonstrator

To support industries operating with ICS in place, PA have built a unique tool to develop cyber resilience: the ICS Demonstrator.

The tool uses real ICS equipment and networks to provide live demonstrations of potential cyber-attacks against ICS and allows industry to test a range of defence approaches.  

Currently configured to simulate OT within a nuclear power station, the ICS Demonstrator’s flexible architecture can simulate industrial processes found in many industry environments; power generation and grids, oil and gas, nuclear plants, manufacturing and transport. 

It can also be used to test new ICS security technologies and assess the effectiveness of existing security controls. The Demonstrator provides a flexible environment to demonstrate a wide variety of security vulnerabilities or attack scenarios. It is also devised to enable greater awareness and act as an educational tool to enable further security research and development.

About the authors

Justin Lowe PA digital trust and cyber security expert

Explore more

Contact the team

We look forward to hearing from you.

Get actionable insight straight to your inbox via our monthly newsletter.