
NetWars: ICS NetWars



ICS NetWars is a suite of hands-on, interactive learning scenarios that enable Operational Technology (OT) security professionals to develop and master the real-world, in-depth skills they need to defend real-time systems. Designed to be accessible to a broad range of player skill levels, Levels 1 and 2 were introduced in 2017, and Levels 3 and 4 were introduced in March at the ICS Summit Orlando 2018.



"My favorite part of ICS NetWars was that both IT and OT were in one game. Nice job!" - Mike Hoffman

ICS NetWars Scenario

Delicious Edible Foods (DEF) is a fictional multinational food manufacturing company specializing in cookie and snack food products. The company utilizes highly automated and secret manufacturing processes, which have contributed to extraordinary growth and profits. Recently, DEF has begun receiving customer complaints about "mixed bag" packaging, in which random cookie types were mixed into packages where they didn't belong, presenting serious health risks to consumers with food allergies. An FDA investigation is underway and lawsuits have already been filed. Your mission: identify whether DEF has been compromised, defend the operational environment, and reinstate confidence in the safety and quality of the process.

Level 1

  • ICS NetWars provides participants with a challenging scenario facing an operational process control environment. Players will be challenged to develop a full understanding of the environment, equipment, infrastructure, and vulnerabilities throughout Level 1 play.

Level 2

  • As players enter Level 2, they will access hundreds of data artifacts from within the simulated process environment and will need to perform analysis, forensics, and incident response activities in order to complete the level.

Level 3

  • Players are provided with a series of host and network data sets, as well as virtual machines, to use as they perform direct analysis of ICS-specific adversary activity within a process environment.

Level 4

  • Players will directly interact with a live process environment within the DEF cookie factory, as they work to validate and verify the integrity of the control system environment.

Level 5

  • A factory-vs-factory competition model will be developed at a later date.

Adversary Actions

  • Spear Phishing
  • Command and Control
  • Credential theft
  • Lateral and vertical movement
  • Security configuration modification
  • Process manipulation
  • ICS-specific malware

Blue Team (Defender) Actions

Participants play the role of an incident responder, analyzing collected artifacts, including system event and security logs, firewall logs, network diagrams, system as-built information, and many other items, to answer a series of questions. The goal is to identify what happened, how to stop the damage, and how to restore consistency and reliability to the process.

Laptop Requirements

  • 64-bit system
  • Laptop with at least one USB port
  • Laptop must include wireless capabilities
  • Latest VMware Player, or admin privileges with the ability to install VMware Player and enable VT support in BIOS
  • Ability to disable all security software on your laptop, including antivirus and/or firewalls
  • At least 30 GB of hard-drive space (50 GB recommended)
  • At least 8 GB of RAM
  • Laptop with Windows 7 or higher installed on the host or in a Virtual Machine is helpful for many questions

For more information about ICS NetWars, email us at ics@sans.org.

Upcoming Events

| Event | Location | Dates |
|---|---|---|
| SANS Cyber Defense Initiative 2018 | Washington, DC | December 16, 2018 |
| ICS Security Summit & Training 2019 | Orlando, FL | March 22, 2019 - March 23, 2019 |
| SANS Security West 2019 | San Diego, CA | May 12, 2019 - May 13, 2019 |
| SANS ICS Europe 2019 | Munich | June 27, 2019 - June 28, 2019 |