Dragos and Splunk have released the latest Boss of the SOC (BOTS), “1UP Your ICS/OT Cybersecurity Team,” a virtual industrial control system (ICS) and operational technology (OT) challenge developed to provide a fun and engaging way cybersecurity teams can enhance their capabilities.
What kind of challenge is Boss of the SOC? BOTS is a blue-team capture-the-flag (CTF) activity where participants use Splunk’s BOTS platform to answer questions about cybersecurity incidents that have occurred in a fictitious real-world environment.
Should you play? With increased connectivity between IT and OT networks, many industrial organizations are facing a skills gap between IT and OT security teams. If you are in IT Security and wanting to learn more about industrial cybersecurity – or are already in ICS/OT and are looking to test and enhance your skills within Splunk, BOTS is for you.
Addressing the IT/OT Cybersecurity Skills Gap
As organizations struggle to stay ahead of rising cybersecurity risks, one challenge they face are the evolving strategies between the IT and OT security teams.
According to the Ponemon report, “2021 State of Industrial Cybersecurity”: as companies push towards digital transformation, only 21% of companies surveyed said they achieved ICS/OT cybersecurity maturity, citing lack of skills and training as a primary contributing factor.
To address this, BOTS users can now participate in this hands-on challenge that is designed to help participants learn and navigate the differences between IT and ICS/OT cybersecurity. This scenario introduces industrial cybersecurity topics, such as control logic modifications, maintaining persistence inside networks, implementing command & control (C2), and more. As IT and OT cybersecurity teams work through the scenarios, they will develop an understanding of some key challenges related to protecting industrial networks.
IT and OT networks are increasingly interconnected to support digital transformation efforts. The network diagram below illustrates that concept with the typical IT levels 3.5 to 5 that house the SOC, IT Security, servers, data centers, and remote access; and the OT levels 0 to 3 that cover operations, control, and physical processes.
Bridging the divide between IT and OT teams has become a significant challenge, as some organizations may plan to manage OT under a general IT umbrella. This solution doesn’t address the fundamental differences between the goals and problems of a corporate IT environment, like data safety and security, and the industrial OT environments where human safety, loss of physical production, and facility shutdowns are real risks, and should be managed separately.
Together, Dragos and Splunk have been working to provide customers with a deeper view of data collected from both IT and OT networks. Security teams at industrial organizations can now access ICS datasets from Dragos alongside the enterprise IT datasets collected in Splunk, providing analysts with improved overarching situational awareness. Dragos solutions integrate with Splunk to provide users with improved processes to ensure secure industrial operations.
The goal of this BOTS is to provide a cybersecurity gamification experience to improve skills and training for ICS practitioners, working with real-world data and incidents in a safe and fun way.
Play and Win Your Boss of the SOC T-Shirt
With this launch, the first 50 players based in the U.S. to score 6,000+ in Scenario 1 will receive a custom t-shirt – giving you ultimate BOTS bragging rights. Then keep an eye out for the next ICS/OT module in the series — it’s coming soon!
Ready to play? Sign up free at bots.splunk.com, then click on the Dragos “Partner Experience” or “1UP Your ICS/OT Cybersecurity Team” to get started.
Remember to check ‘opt-in’ in the module to be eligible to receive the custom t-shirt.
Ready to put your insights into action?
Take the next steps and contact our team today.