In a flurry of weather following the recent typhoon that hit the island of Japan, we headed out to speak at a prestigious Japan - US Industrial Control Systems Cybersecurity Training for Indo-Pacific Region event hosted in Tokyo by IPA’s Industrial Cyber Security Center of Excellence (ICSCoE). With global tensions, and the increasing threat of attacks targeting critical infrastructure and supporting organizations – there is no better time to collaborate.
Given that Verve Industrial actively participates also in Department of Homeland Security (DHS) CISA group’s Industrial Control Systems Joint Working Group (ICSJWG) regularly as vendor, speaker and government supporter – our attendance in Japan should not come as a surprise. From our team, Ron Brash went to discuss the needs and requirements to create an ICS Detection Challenge as one metric to measure effectiveness for asset owners, industry groups and vendors, but also the methodology that went into creating such a challenge and creating realistic threat scenarios.
Regardless of the initial motivations of the original challenges, the methodology that Ron has brought to the table with Verve is a unique way to build tailored and realistic simulated threat scenarios that mimic an actual organization’s attributes by using real-world data. The purpose of this is twofold, firstly, it creates an accurate simulation that is able to test people, technology and process, and secondly, provides an alternative to paper-based assessments, and potentially disruptive read-teaming. For organization’s that might be a bit more risk adverse – this methodology conveniently fills a middle area between the other approaches, demonstrates our expert threat understanding, and is a part of the Verve product catalog as part of our advisory cybersecurity services.
As part of that event, Ron also met with over one hundred sixty (160+) individuals from nearly fifteen (15) countries that were there to learn ICS security and participate in the exercises. In addition to hearing many experts speak, we also got to visit the ICSCoE’s lab & witness their efforts. While still being only a few years old, the lab ICSCoE is among one of the best we have ever seen stood up, and while catering largely to domestic and surrounding Asian markets – it was truly impressive both in size, setup, and in scenarios/research being demonstrated. The content, the variety of attendees, and involvement by facility operators should be a standard that many aspiring labs should look to for reference. To learn more about ICSCoE, check it out here: https://www.ipa.go.jp/files/000073583.pdf
Again, as part of our commitments for enabling real cybersecurity for asset owners, attending conferences such as this one, are one of the ways we give back to the community, and it was an honor to be invited by ICSCoE. To find more about our past involvements, or to learn about our product, please reach out to email@example.com