Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
2024-4-18 21:0:0 Author: www.tenable.com(查看原文) 阅读量:7 收藏

The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real-world simulations in this controlled environment.

OT is Everywhere

The world is addicted to operational technology (OT), even if most don’t realize it. It’s the unseen force that powers everything — from water treatment plants to transportation systems, opening doors or even cooling a room. As the threat of attacks against physical systems continues to grow, cyber defenses have become essential to prevent disruptions of our interconnected world.

While many think OT strictly powers industrial environments, the truth is that it has emerged from isolation and is increasingly connected with IT (Information Technology) systems, cloud, IoT and more. A large percentage of the OT environment is actually made up of IT devices, such as network switches, Windows running HMI's (Human Machine Interface) and more. The result is that threats that originate in IT systems can quickly spread to OT environments, or vice versa, leading to expensive downtime with increasingly harmful consequences, or even potentially life threatening results. This expands the attack surface which security teams need to defend. 

Risks in OT 

There are multiple risks to these environments. Devices, sensors and systems can contain potential vulnerabilities that can be exploited. This leads to a higher risk of cyberattacks. According to research by Tenable, global ICS-related software vulnerability advisories from the Cyber Infrastructure and Security Agency (CISA) doubled from 185 to 370 in the four-year period between 2020 and 2023, and increased nearly 300% over the last decade - from a starting point of just 95 advisories in 2014.

Understanding the risks of both the true OT devices and IT devices in this domain is essential and requires action to secure them. Also, in the context of an increasing number of OT components linked to the infrastructure, combined with an increasing number of partners, and suppliers which are part of the ecosystem, one of the key challenges is to get the full visibility of all OT assets to protect and monitor them. 

In addition, regulatory requirements are in force within the UK including the Cyber Assessment Framework (CAF) and NIS2 Directive within Europe that are driving OT security projects. 

Thales Cyber Range

Thales describes itself as an engineering company that is also engaged in consultancy. This gives Thales a great insight; it can not only secure systems for UK organizations and worldwide, but also provides the knowledge of how to build and integrate them. 

Thales first opened the National Digital Exploitation Centre in January 2019, in an effort to secure OT. Over the years the site has evolved to become a research and development center for OT security and also expanded with additional projects and equipment to become the Thales ICS Lab. The site now hosts a ‘cyber range’ testing facility and education center which helps visitors understand OT environments and the impact that equipment can simultaneously have on physical safety and cybersecurity.

Speaking about the site today, Chris Hilbourne, Portfolio Manager for Cyber Technology Services at Thales explained, “The lab is a mix of both physical and typical IT equipment. On the physical side it encompasses robotic arms and conveyor belts, valves and other types of equipment you’d expect to have in industrial environments and critical infrastructure. This is supplemented with HR, accounting and other traditional IT systems that can be added, bringing the two typical environments together that lead to the other being compromised.”

The cyber lab is a virtualized supercomputer that blends together physical and computing technology combined with a simulated control room and Security Operations Centre (SOC). Cyberattack simulations and exercises can be run against typical ‘real world’ scenarios — be it a power plant or manufacturing line, to determine and understand the implications in a controlled setting.

Thales collaboration with Tenable

And that’s where Tenable comes in, providing holistic visibility into assets across IT and OT environments. Tenable OT Security is an industrial security solution for the modern industrial enterprise that identifies assets in the OT environment, communicates risk, prioritizes action and enables IT and OT security teams to work better together.

Speaking of Tenable’s role in these simulations, Chris Hilbourne adds, “There are a number of competitors in this space but we recognize that Thales’ customers will be working with Tenable. It’s vital that we include Tenable within the scenarios we offer.”

On a daily basis, threat actors find creative ways to disrupt businesses through non-traditional paths. Risk doesn’t end at IT. Visitors to the Ebbw Vale campus will be able to test Tenable’s comprehensive set of security tools and reports in a virtualized environment. This allows them to experience how Tenable OT Security provides unmatched visibility across IT and OT security operations to deliver deep situational awareness across all global sites and their respective assets — from Windows servers to PLC backplanes — in a single interface.

The partnership between Thales and Tenable is a testament to our better together approach. We look forward to collaborating further, helping our joint customers understand their complex infrastructure. To experience the Ebbw Vale ICS Lab for yourself and discover the power of OT security, you can contact [email protected] to arrange a visit.

As we continue to pioneer solutions in this domain, it becomes abundantly clear that the future of cybersecurity lies in collaborative, integrated efforts. With Thales and Tenable's innovative approach, we're not just anticipating the future, we're actively shaping it.

Learn more:

Chris Baker

Chris Baker

Chris Baker joined Tenable in 2021 as part of the EMEA OT security specialist team supporting customers on their OT security journey. Prior to joining Tenable, Chris worked for global cybersecurity vendor Trend Micro focusing on managing some of its largest customers in the industrial and manufacturing verticals.


文章来源: https://www.tenable.com/blog/tenable-and-thales-collaborate-to-provide-cyber-defense-simulations-to-better-secure
如有侵权请联系:admin#unsafe.sh