Advanced Cyber Training for the Utility Industry

CYRIN® is the online, always on, always available Cyber Training Platform. We've trained thousands of people how to monitor and keep their networks safe.

CYRIN is a next-generation cyber-range where you use real tools, real attacks, and real scenarios to hone your skills in a virtual environment. Secure a Linux server system, analyze the security of a web application, or respond to a denial of service attack in a controlled environment. Practice on your own schedule from within your web browser—no custom software or travel necessary!
Now with new programs and new virtual attacks, specifically designed for the Utility Industry.

We offer three levels of packages for the utility industry, ranging from labs to reinforce skills with specific software packages to full ranges consisting of IT/OT networks. Want to customize our ranges to mimic your organization's setup for increased fidelity?
Contact info@cyrintraining.com for a quote on custom development.

Help your IT staff train and sharpen their cybersecurity skills using exercises and attack scenarios designed specifically for the Utility Industry. Start with training on commonly used attack and defense tools and techniques, conduct an investigation to determine who is leaking information, and finish with scenarios where you will use your skills to neutralize an attack on a SCADA system.

Tailor the training to the needs of your staff by picking up to 10 labs from the list below and enjoy six months of access at a discounted package price: $695. As always, volume discounts are available. And remember, the Getting Started with CYRIN lab is included in your package at no cost. We suggest your staff members do:

  1. the preparatory labs,
  2. one or both of the cybersecurity exercises, and
  3. two or three of the SCADA system cyber-attacks.

We recommend staff do the preparatory labs on their own. They can do the cybersecurity and SCADA system exercises on their own or in small groups of two to four people. If you are looking for a fun team-building exercise, add the Red vs. Blue Team lab to your package.

Preparatory Labs

  1. Identifying Live Machines and Services on an Unknown Network
    Students will use tools such as nmap, unicornscan, and fping to identify systems on a local network, including both Unix and Windows targets. Students will identify the operating systems these systems are running, as well as the types of network services they are providing.
  2. Web Application Security Analysis using Nikto
    Students will use the Nikto tool to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.
  3. Introduction to Metasploit
    Students will gain experience with the widely-used open source Metasploit® framework and related tools for exploiting vulnerable software and insecure system configurations. The exercise leads students through the entire process, from scanning the network to getting remote shells and accessing sensitive information. By seeing the tools available to potential attackers, students will gain a greater appreciation for the need to keep software up-to-date and securely configured.
  4. Web Application Security Analysis using OWASP-ZAP
    Students will use the OWASP program’s ZAP tool suite from within Kali Linux to scan multiple web services and document vulnerabilities. Students will see ZAP in action on a vulnerable web site where entire database tables are available to potential attackers.
  5. Web Application Security Analysis using Burp Suite
    Burp Suite is an industry standard suite of tools used by information security professionals for testing Web application security. Its tools work together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
  6. Intrusion Analysis using Network Traffic
    Examine packet captures from actual intrusions and dive deeper into how attackers operate! Students will learn the details of protocols such as SMB and SSH by examining network traffic captures in Wireshark®, then will proceed to build network packets "by hand" in order to tunnel secret data in normal-looking traffic. Finally, students will learn the details of "web shell" payloads commonly used by attackers.

Cybersecurity Exercises (individual or small group exercises)

  1. Conduct a Data Leak Investigation
    Get experience conducting an internal investigation on a realistic corporate network. You are a security officer for a shipping company whose trucks have repeatedly been hijacked by a criminal organization. The criminals appear to have advance information on the routes of the trucks, despite the company changing routes frequently. Company executives suspect someone within the company is leaking truck route information to the criminals. Students will have to determine who is leaking the information, how, and to whom.
  2. Capture the Flag Scenario II
    Build on your skills from the first Capture the Flag (CTF) scenario with a new web server setup—can you gain root access on this box? This CTF scenario lets you see first-hand how an attacker could go about compromising your systems.

ICS Labs Available (individual or small group)

  1. ICS OT Man-in-the-Middle Attack
    Would you know if a device on your Operational Technology (OT) network was compromised on its way from the factory to you? Or if a contractor inadvertently installed some malware that didn't activate until months later? This scenario presents just such an attack on the OT network—one of the existing devices on the network is intercepting and modifying SCADA traffic. It could be producing false measurements, or be sending commands to an unsuspecting device on behalf of the SCADA Server!
  2. ICS IT/OT Phishing Attack
    It only takes one user clicking on a phishing e-mail to launch a devastating attack. Successful phishing attempts give an attacker access to your IT network resources, and possibly your OT network as well. This scenario presents just such an attack—one of the users on the IT side of the network has inadvertently opened a malicious e-mail attachment. What are the consequences to the IT and OT networks, and how can this be contained and neutralized?
  3. ICS OT Application-Level DoS Attack
    A Denial of Service (DoS) attack can cripple your business operations, or do even worse to your physical infrastructure. How will you find and stop such an attack? How will your personnel perform when the system is in a degraded state? This scenario presents just such an attack on the OT network—a DoS attack at the application layer, aimed at disrupting normal operations. This DoS attack takes place when a malicious entity generates a large number of connections to the server to block legitimate applications from connecting to the victim server.
  4. ICS OT Network-Level DoS Attack
    A Denial of Service (DoS) attack can cripple your business operations, or do even worse to your physical infrastructure. How will you find and stop such an attack? How will your personnel perform when the system is in a degraded state? This scenario presents just such an attack on the OT network—a DoS attack at the network layer, flooding your systems with bogus data and slowing operations to a crawl.

Red Team vs. Blue Team

Description: Test your skills against others as either an attacker attempting to compromise a system or a defender trying to prevent the attackers from doing damage. This is a head-to-head exercise, best played with two or more participants from your organization.

Prerequisites: Knowledge of attack, pen-testing, and defensive techniques on Linux systems, including web application attacks, firewall configuration, etc. Familiarity with command-line vulnerability discovery tools on Linux systems (e.g. Metasploit).

Free lab: Getting Started with CYRIN

This lab introduces key elements of the CYRIN interface that will help students get the most out of the other labs. The lab will also teach students the basics of the Linux/Unix command line (shell), Windows PowerShell and editing a text file. Some knowledge of these tools is required by most CYRIN labs.

Expected Duration

20 hours, self-paced. Pause and continue at any time.
20 CPEs awarded on successful completion.

Training Package

Level 1 includes access to the entire set of CYRIN cybersecurity labs. Currently over 30 labs are available, with more coming each quarter. Lab categories include Cyber Forensics, Secure Network Setup, and many others—see "Lab Categories" at the top of the page for a preview of each.

Each lab is approximately two hours long, self-paced. Labs can be paused, continued, or repeated at any time. CPEs awarded on successful completion of each lab.

Want to see a lab in action? Watch our live walkthrough of Level 1!

Want to try out a lab? The Web Application Security Analysis with OWASP-ZAP lab is available FREE for 30 days.

Cost for an annual subscription includes existing labs and all new labs during a 12 month period. Bulk discounts are available. Packages can be purchased by credit card or paid by invoice. Contact info@cyrintraining.com for volume discount and invoicing options.

Prerequisites

Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line, basic networking concepts (TCP/IP, DNS, etc.), and basic cyber-forensic concepts (for forensics labs).

Expected Duration

80 hours, self-paced. Pause and continue at any time.
80 CPEs awarded on successful completion.

Cost

$1995 for 1 year of access.

Included if you are a subscriber to any of the following training packages:

  • Level 2: Attack/Defense/IR Exercises & Instructional Labs
  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Training Package

Test your team's abilities with virtual capture-the-flag, defacement, and incident response scenarios! Level 2 includes all the Level 1 cybersecurity labs PLUS access to three current capture-the-flag/incident-response scenarios AND one new CTF/war-game scenario each quarter... let your team compete head-to-head in attack/defend games!

Each scenario comes with step-by-step instructions for successful attacks, or can be completed without instructions for a greater challenge!

Want to see a scenario in action? Watch our live walkthrough of Level 2!

Cost for an annual subscription includes existing labs and all new labs during a 12 month period. Bulk discounts are available. Packages can be purchased by credit card or paid by invoice. Contact info@cyrintraining.com for volume discount and invoicing options.

Prerequisites

Basic networking concepts (TCP/IP, DNS, etc.) and familiarity with the Unix/Linux command line.

Expected Duration

100 hours, self-paced. Pause and continue at any time.
100 CPEs awarded on successful completion.

Cost

$3995 for 1 year of access.

Included if you are a subscriber to any of the following training packages:

  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs

Training Package

Experience and mitigate live cyber attacks on a virtual network representing a power generation/transmission/distribution company! Each utility gets a dedicated virtual network that includes representative enterprise (IT) and operational (OT) networks. Attacks can include Internet-originating malware such as spear-phishing, insider threats, and supply chain compromises. Users sign in via a web browser or, coming in Spring 2020, can "bring their own tools" with a direct VPN connection to their exercise network.

Level 3 includes all Level 2 scenarios and Level 1 labs, PLUS four IT/OT attack scenarios with a new scenario each quarter!

Want to see a scenario in action? Watch our live walkthrough of Level 3!

Example Scenarios:

  • Man-in-the-middle attack on the OT network due to a supply chain compromise.
  • Phishing attack on the IT network that reaches the OT network.
  • Application-level denial of service attack on the OT network.
  • Network-level denial of service attack on the OT network.

Each scenario comes with step-by-step instructions for finding the source of the attack, or for a greater challenge, have your team figure it out on their own!

Cost for an annual subscription includes existing labs and all new labs during a 12 month period. Bulk discounts are available. Packages can be purchased by credit card or paid by invoice. Contact info@cyrintraining.com for volume discount and invoicing options.

Prerequisites

Familiarity with SCADA system concepts (HMI clients, PLCs, Modbus, etc.), basic networking concepts (TCP/IP, DNS, etc.), and basic network attack/defense and troubleshooting techniques.

Expected Duration

110 hours, self-paced. Pause and continue at any time.
110 CPEs awarded on successful completion.

Cost

$5995 for 1 year of access.
