Applied Risk released its TactICS suite that will provide ICS and OT professionals with higher cybersecurity awareness and skills for interacting with OT environments. It enables the key principle of continuous learning to keep up pace with the rapidly changing threat landscape and delivers a comprehensive approach that stimulates OT security awareness and skills not only for teams working with OT infrastructures but also beyond the obvious groups.
The TactICS suite has been designed as a multi-offering approach which includes awareness training & gamification, hands-on scenario-based exercises, incident Response & Simulation, CyberRange and Lab Training, industry dedicated modules for IMO, NIS EU Directive, IEC 62443 and more to help ensure that OT security becomes a ‘core consideration’ at every level. The solutions are specially designed for engineers and operators, management, specialists, and technical personnel to create an ecosystem that addresses various requirements and provides a solid and sustainable OT security company culture throughout the entire organisation.
TactICS – Applied Risk’s next generation of awareness and training solutions – was born to support the needed shift for the protection of the operational infrastructure that supports lives daily. Using its cross-industry global experience, Applied Risk identified room for improvement for secure behaviour and a growing trend for lack of OT security awareness. This led the company to focus on developing a centralised solution to engage, educate and encourage the sharing of intrinsic motivation towards OT security.
“TactICS supports improvements to the root cause to prevent the incidents which can disrupt the continuity of our supply chains,” said Jalal Bouhdada, founder and CEO at Applied Risk. “It’s an OT learning eco-system. Prevention (beyond the obvious) is the best cure – not just focussing on the low hanging fruit but pre-emptively up-skilling operations staff to ensure the human line of the defence is your best strategy,” he added.
Applied Risk saw a possibility, as the industry lacks a more comprehensive approach that goes beyond the classroom. Its program touches on workforce intrinsic motivation in OT security through awareness, change of behaviour, and effective information/knowledge sharing.
Based out of the Netherlands, Applied Risk weaves together its expertise in cybersecurity and engineering, to deliver industrial and OT assets with risk assessment, vulnerability, and training solutions. The company’s advanced security team and experienced advisory professionals provide research-based and comprehensive OT cybersecurity solutions to its clients. This expertise ensures up-to-date training related to emerging threats and attack techniques.
Applied Risk offers a host of industrial cybersecurity programs, which can be tailor-made to meet organisational challenges. Its security training programs assist management, operators, and security personnel to understand emerging industrial cybersecurity threats and methods of reducing risk. The TactICS OT Security Training Suite support those initiatives and help organisations to springboard their security maturity to a greater level.
“TactICS enables the key principle of continuous learning to keep up pace with the rapidly changing threat landscape. It emphasises the importance of the human factor in protecting the OT and enables learning with an innovative approach,” Bouhdada said.
“TactICS particularly embraces the emerging zero trust principles. Nothing and nobody can be trusted in critical IT and OT domains unless users are explicitly authenticated and authorised. Awareness of the zero-trust principles, the behavioural and technical consequences and what we can do is well embed in the TactICS suite,” he added.
Made up of various solutions, the TactICS suite currently has three training programs, where two of them are presential two-day courses and one online, one campaign solution, and one simulation module.
The ‘OT Security Essentials’ course is a two-day presential course targeted at audiences in need of top-level knowledge such as managers. It aims at providing trainees ways to better recognize cybersecurity threats to the OT domain, break down and understand real-world incidents and case studies, and address OT security risks.
The ‘Advanced Hacking Training’ program, also a two-day presential course is an intensive training meant to up-skill technical employees responsible for securing mission-critical OT systems. The program provides trainees with real-life attack experiences, trains offensive security skills with hands-on lab exercises, and deep dives into industrial cyberattack methodologies.
On a corporate level, the ‘Online OT Security Awareness’ course is a customisable e-learning solution tailored to an organisations unique branding, policies, and procedures. It includes innovative learning approaches such as gamification and simulations, and flexible and modular programs reaching various roles and knowledge levels.
A more comprehensive program, the ‘OT Security Awareness Campaigns’ are designed to drive measurable short, medium, and long-term knowledge gains, awareness, and behavioural change for staff who interact with OT environments. The blended learning approach includes in-house workshops, communication activities, eLearning, gamification, and video.
Finally, the ‘OT Cyber Threat CADET,’ is a self-contained training kit to be used in a classroom or private learning setting. The all-in-one physical learning solution allows OT security staff to train and develop cybersecurity skills in a no-risk, small-scale production environment. It enables teams to understand the approach from the attacker’s perspective with included step-by-step lab tutorials.