The Radiflow Security Blog
CISS 2019: Where red teams and blue teams come together to protect water treatment systems
By Liron Benbenishti, Cyber Researcher, CTO Team, Radiflow
Last month I attended The International Critical Infrastructure Security Showdown (CISS) 2019 challenge as part of the Radiflow Blue team.
(You can read all about the CISS challenge in our security brief, which describes each and every attack scenario as well as Radiflow’s mitigation measures. Spoiler: The Radiflow Blue Team succeeded gloriously!)
The challenge, held at the SUTD University in Singapore, was organized by the university’s iTrust cyber security research center and sponsored by the National Research Foundation. The challenge was held at the Water treatment research lab.
To make the challenge more interesting than typical IT security challenges, all the red teams’ attacks targeted the realistic Secure Water Treatment (SWaT) test-bed, covering the actual six-stage water treatment process. This challenge format resonated with our guiding principle here at Radiflow that “OT is all about process control”.
It’s been a truly exciting experience to take part in such an educational event along with professional cyber teams from academy and industry, from around the world. The Radiflow team handled a high amount of ICS cyber-attacks, which kept us on high alert throughout the exercise.
I believe that challenges like this one are certainly one of the best ways to raise awareness of cybersecurity issues in general and the specific challenges of OT industry and water treatment operations in particular.
Some of the Singapore landmarks we got to visit after a long day of fighting malware…