Incident Response, Content, Security Program Controls/Technologies

Cloud Range Launches OT/ICS Live-Fire Simulation Training to Reduce Risk from Cyberattacks on Critical Infrastructure

In the System Monitoring Room Two Senior Operators Work on a Big Interactive Map. Facility is Full of Screens Showing Technical Data. (In the System Monitoring Room Two Senior Operators Work on a Big Interactive Map. Facility is Full of Screens Showin

Cloud Range, a cybersecurity simulation trainer, has launched what it is touting as the first-of-its-kind live-fire training to prepare incident responders (IR) and security operations (SOC) teams in operational technology (OT) and IT environments to defend against cyberattacks to critical infrastructure.

Advantages for MSSPs

The Nashville, Tennessee-based company said its cyberattack simulation technology is also used by managed security service providers (MSSPs), governments, higher education institutions, utilities, critical infrastructure and other industries.

Attacks on critical infrastructure facilities have increased noticeably, punctuated by the Colonial Pipeline ransomware hijacking in mid-2021 along with other incidents in the transportation, water, communications and manufacturing, many of which have been launched by U.S. adversaries.

Cloud Range’s simulation training features dynamic, live-fire OT/ICS, OT/IoT, and IT/OT incident response and security operations exercises. The customizable OT environments include unlimited network scenarios to simulate any organization’s OT/IT network and emulate any industrial sector, including energy, nuclear, transportation, communications, water systems, buildings/facilities, and more.

How Cloud Range Works

The digital convergence of OT and IT in critical infrastructure sectors has increased the focus of cyberattacks against OT and industrial control system (ICS) environments, Cloud Range said, prompting cyber defense teams to feel the pinch to better protect critical assets. Unfortunately, OT and IT environments have different needs, making it important to address OT’s objectives, setups and risks separately.

Cloud Range for Critical Infrastructure mimics potential real-life cyberattacks and enables cyber defenders to see and understand an attack before it actually happens, preparing them to be ready to defend. Attack scenarios are mapped to the MITRE ATT&CK Framework for Industrial Control Systems (ICS) so teams can understand the specific tactics taken by adversaries.

Commenting on the state of cybersecurity preparedness, Debbie Gordon, Cloud Range chief executive, said:

“Cyber threats are increasingly targeting devices and systems that manage industrial operations, and the repercussions of an OT system breach can be much worse than an IT-related one. Organizations must expand their cybersecurity capabilities beyond data protection and include the concept of cyber safety and the protection of human lives.

"With a greater risk to critical infrastructure, we simply don't have enough skilled and experienced cyber professionals to defend the front lines. Organizations can’t rely on the traditional training and certifications of their IT and OT teams, and they will need to invest in dynamic training content that mimics actual adversary methods to protect their data as well as people."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.