Verve Industrial had the honor of speaking at a prestigious Japan - U.S. Industrial Control Systems Cybersecurity Training for the Indo-Pacific Region event hosted in Tokyo by IPA’s Industrial Cyber Security Center of Excellence (ICSCoE). With ongoing global tensions and the increasing threat of attacks targeting critical infrastructure and supporting organizations, there is no better time to collaborate and support one another.
Verve Industrial actively participates in the Department of Homeland Security's (DHS) CISA group, the Industrial Control Systems Joint Working Group (ICSJWG) regularly as vendor, speaker and government supporter. Our attendance in Japan should not come as a surprise.
Ron Brash, Director of Cybersecurity Insights, attended the event to discuss the needs and requirements to create an ICS Detection Challenge as one metric to measure effectiveness for asset owners, industry groups and vendors. He is also studying the methodology that went into creating such a challenge and realistic threat scenarios.
Regardless of the initial motivations of the original challenges, the methodology Ron brought to the table with Verve is a unique way to build tailored and realistic simulated threat scenarios that mimic an actual organization’s attributes by using real-world data.
The purpose of this is twofold. First, it creates an accurate simulation testing people, technology and process. Second, it provides an alternative to paper-based assessments and potentially disruptive read-teaming. For more risk averse organizations, this methodology conveniently fills a middle area between the other approaches, demonstrates expert threat understanding, and is a part of the Verve Industrial product catalog as part of our advisory cybersecurity services.
Ron also met with over 160 individuals from fifteen countries that attended to learn ICS security and participate in the exercises. In addition to hearing many cybersecurity experts speak, we visited the ICSCoE’s lab to witness their ongoing efforts. While still in its initial years, the ICSCoE lab is among one of the best we have ever seen stood up.
While catering largely to domestic and surrounding Asian markets, it was truly impressive in size, setup, and in scenarios/research demonstrated. The content, variety of attendees, and involvement by facility operators should be a standard that many aspiring labs should look towards for reference.
As part of our commitments for enabling real cybersecurity for asset owners, attending conferences is one way we give back to the community, and it was an honor to be invited by ICSCoE.