I recently attended the opening of Thales’ new Cyber Integration and Innovation Centre in the UK. The centre is essentially a battle lab for improving the security of critical national infrastructure, as well as government and private sector organizations. Client systems are tested against a battery of open source tools and enterprise-grade security software by a team of highly skilled technicians. Most pertinently, the lab includes a simulation of an industrial control room, complete with PLCs and SCADA systems (interchangeable with any other ICS the client may be using). Cyber attacks were run from ancillary rooms where Thales experts hijacked the ‘on-premise’ security equipment (camera feeds and the like) and launched DoS attacks to disrupt the control systems. The group stressed the importance of having the right tools to understand what was happening to the system. Good visualization of the massive amounts of data going through systems therefore plays quite an important role in picking out suspicious activity from normal, everyday operations. Part of being able to counter attacks was the ability to recognize when an attack was occurring and to estimate the type and magnitude of the threat in order to respond properly.
The lab makes use of a number of tools and encourages its consultants to research and test as many different potential attack vectors as possible. One of the consultants was testing SNORT on a Raspberry Pi, perhaps providing an inkling of technology that may one day be used in corporate settings. Thales is also heavily involved in information sharing regarding vulnerabilities in public-private sector partnerships, with both government and academic bodies. The group offers a rare insight into how penetration testing and response mechanisms might work in an organizational context and for industrial control systems. Most importantly, the company has made a strong investment in graduates for the new centre, with about a fifth of the dedicated consultants for the battle lab being recent university graduates. There is no doubt that Thales has a strong knowledge base in the area: they know what is currently needed at the critical infrastructure level in terms of cybersecurity, and are well placed to respond to that demand.