The Australian Defence Force does it. So does the Australian Tax Office and the Department of Human Services. And now, red teaming has spread to the corporate world with CIOs and CISOs increasingly turning to the practice to assess their organisations’ cyber resiliency.

Red teaming exercises, initially used by the military to test their defence readiness against active threats, are simulated, targeted cyber-attacks carried out by an elite red team unit that mimics the tactics, techniques and procedures (TTPs) used by threat actors.

Whether the threat actor is a nation state, criminal group, or hacktivist, the red team executes a full simulated cyber-attack and an opposing team – the blue team – defends against the attack. The exercise enables the organisation to see how they would respond, test their defences and assess capabilities without the risk and collateral damage associated with a real cyber attack.

A little over two years ago, organisations worldwide received a sobering wakeup call. In May 2017, the massive WannaCry and NotPetya cyberattacks cleaved a path of indiscriminate destruction across the globe. These, and other cyberattacks since, not only caused catastrophic business interruption to numerous organisations from hospitals to financial institutions but also highlighted that manufacturers, once perceived as low risk, are also now a prime target for cybercriminals.

One reason is that while data-rich industries such as financial services and retail are hardening their security posture, many manufacturers are using legacy manufacturing systems and industrial operational technology (OT) devices designed more for productivity and safety and less for security – effectively making their facilities enticing targets for cybercriminals.

The nature of these operational environments also makes it inherently more difficult to upgrade and patch these devices due to the disruption they may have on production lines, and as such their risk exposure to compromise by attackers may be larger than usual.

Another is that motives of threat actors are now more complex and range from money to competitive advantage to strategic disruption. Cybercriminals, for example, are gaining access to and hiding inside networks to spy and steal intellectual property (IP) costing manufacturers years of IP and competitive advantage.

Propriety information (29%) ranked second in the type of data targeted by cybercriminals in the manufacturing industry, the 2019 Trustwave Global Security Report found, behind financial and user credentials (43%).

In the rapidly evolving cyber landscape, red teaming can help manufacturers lessen their cybersecurity risks in a number of ways.

Showing how things could go wrong before it goes wrong

The red team objective is to demonstrate how bad things can get if a threat actor succeeded. Could threat actors deploy malware that disrupts a manufacturer’s production line? Could they steal trade secrets from a digital vault, could they cripple the business and affect product workflow and supply chain?

Red team exercises can show the organisation if they are vulnerable to these risks without causing the damage associated with them. The activities allow security teams to react to a perceived attack and give them the experience of handling a real attack.

Understanding resilience against a specific threat

Red team exercises are simulations of specific attacks to help a manufacturer understand their resilience against a specific attack or threat actor group. These simulations, if repeated over time, allow the organisation to baseline the effectiveness of controls, and measure its improvement or decline.

Manufacturers require their operations to run like clockwork, so running a simulation to determine the many ways that operations of production lines, for example, could be stopped unexpectedly, would be a valuable way to assess just how ready the organisation is in preventing, reacting and responding to these specific threats.

Identifying security gaps beyond technology

People generally perceive cybersecurity to be a technology problem. This is not the case. Cybersecurity is also a people and process problem.

People need to be armed with the knowledge to prevent themselves from becoming a victim and processes need to be established so people know what they can do to avoid or limit the impact of a cyberattack. Combined with technology, people and process are intertwined and can either prevent or allow an organisation to be susceptible to a cyberattack.

Red teaming also simulates attacks against people. The exercises test if employees are susceptible to being tricked into opening malicious files, tricked into providing someone with information they shouldn’t have given, or to test if the way they work can be abused to achieve the larger goal of the attacker’s objective.

Red teaming helps guide decision-making

Cybersecurity is a large part of risk management. Cybersecurity risks can be complicated and come with complex solutions. With a finite budget and limited resources, red teaming can help in identifying the best way to prioritise and focus efforts to protect an organisation.

Red teaming assists with guiding an organisation’s decision-making. The exercise helps organisations understand how they are exposed, where critical control failures are, and if there are significant, actionable threats against the production line.

With the knowledge from this exercise, the results can then be used to guide where an organisation should prioritise its efforts to enhance their resilience to cyberattacks.

Kevin Tran is Director, SpiderLabs at Trustwave APJ.


Related news & editorials

  1. 29.08.2019
    by      In
    Manufacturing might employ fewer people and contribute less to GDP, but it’s still a vital cog in Australia’s economy, says Alfred Chown.
    It was the American satirist and author Mark Twain who famously quipped “that rumours of my death have been greatly exaggerated”. The same can be said of... Read More
  2. 27.08.2019
    by      In
    New developments are continuously modifying the management of warehousing systems in Australia. Advances in computing systems and software are allowing instantaneous record-keeping transactions. An example of these developments is the automatic registering of products and prices at grocery stores.... Read More
  3. 22.08.2019
    by      In
    Some people refer to intuition as ‘the sixth sense’, alongside the traditional sight, hearing, smell, taste and touch. Similarly, additive manufacturing is no longer only in three dimensions, but four, as a new manufacturing technique adds an extra dimension to products with applications as varied... Read More
  4. 06.08.2019
    by      In
    When compressing air liquid is also brought into the air stream. As the liquid cools, it condenses with the compressed air that is delivered directly to your tool or application.
    But liquid water in pneumatic systems creates problems. Bacteria growth, rust and corrosion affect how the machine... Read More