Network defense is informed by knowing the network and knowing the adversary – but few practitioners have the fortune of possessing this knowledge before a major breach. Industrial Control System (ICS) networks present particular challenges because operational testing and traditional red team exercises are limited. To address the need to critically assess ICS-related networks when developing defensive strategy, this training provides attendees with a comprehensive exercise to identify critical network assets within a theoretical IT and ICS environment, driven by threat intelligence and threat actor profiles.
Starting with an overview of strategy and applying strategic concepts to network defense, attendees will formulate a comprehensive, adversary-oriented network defense plan covering IT and ICS environments. Following a further overview and critique of the plans, attendees will then test the plan through an iterative, guided wargaming exercise – the goal being to test the plan's comprehensiveness, identify gaps, and improve planning and implementation over time. This training is suitable for security practitioners at all levels – from CISO to SOC analyst – as a means to improve and refine defensive planning, especially within environments containing ICS.
Who Should Attend
- Security senior decision makers, from project managers through CIOs.
- ICS network operations personnel responsible for assessing risk or managing network security.
- Security operations personnel, whether focused on ICS environments or on general IT security, with an interest in network security strategy development.
Key Learning Objectives
- Assess the security threat environment to identify threats facing the organization.
- Apply threat assessment information to the organization’s security environment to formulate an actionable, working network defense strategy.
- Critically analyze network defense planning activity and technical controls to identify detection and visibility gaps.
- Gain experience in developing and executing interactive exercises that test security plans for effectiveness and relevance.
- Apply and interpret testing results to improve security planning over time and adapt to a changing threat environment.
Prerequisites
- General understanding of computer network security concepts, technical controls, and applications.
- Familiarity with reading threat intelligence reporting covering computer network security issues.
- Base-level knowledge of ICS security concepts preferred but not necessary.
- Laptop computer for development, planning, and documentation during exercises.
- No other significant technical requirements – lectures and exercises will be based around discussion.
Course Outline
- Introduction to strategy within a computer network defense environment.
- Identifying unique aspects of ICS networks and their impact on strategy development.
- Review of threat activity groups and threat intelligence reporting.
- EXERCISE: Critical evaluation of threat intelligence reporting to extract actionable information.
- Review of ICS-specific network defense concepts and strategies.
- Discussion and examples of threat modeling and developing threat-focused defensive plans.
- EXERCISE: Formulate a threat model for a hypothetical ICS network based on available reporting.
- Combining organizational knowledge with threat environment assessment to develop specific network security strategy.
- EXERCISE: Develop a strategic network defense plan for a hypothetical ICS network.
- Plan review and debrief.
- Review of strategic plans and purpose.
- Distinction between red teaming and wargaming.
- Wargaming introduction, rules, and procedures.
- Importance and critical components of after-action analysis and iterative development.
- EXERCISE: Classroom wargaming exercise testing the developed network security strategy.
- After-action review of the wargaming exercise, course takeaways, and closing.