It’s been a long year on the beat. The IT side of the cyber city gets all the headlines, but the real trouble – the deep, dark stuff that keeps CISOs up at night – is happening behind locked fences in the operational technology (OT) district. That’s where the trains run, the water flows, and the lights stay on. It’s vulnerable, and Immersive is opening up a new file on the case.
I sat down with Sam Maesschalck, our OT subject matter expert, and James Harris, his number two on the build, to shine a flashlight on the new OT labs dropping this October. In the labs, you’ll get a hands-on look at the characteristics and vulnerabilities that define the real world of industrial control.
1. The score: Breaking the machine
When you talk about OT security, you’ll be looking at human-machine interfaces (HMIs) and programmable logic controllers (PLCs). These are the screens and brains of the factory floor, and they’ve been getting a serious inspection.
Our experts confirmed that OT penetration testing is an emerging field, with companies becoming “more open to the fact. They’re saying, ‘Let's see what an attacker could do in our environment’.”
The Hack Your First HMI lab collection is a key part of our latest release. It includes six labs dedicated to the art of the break-in.
“That’s the kind of collection that I focused on,” James told me. “I was looking at the different ways that you can break an HMI or get it to display information that’s not necessarily true.”
The motivation? The legendary Stuxnet attack. Stuxnet is a malicious computer worm that reportedly compromised Iranian PLCs and caused substantial damage to Iran’s nuclear program in 2010. As James explains:
“Part of the attack was about creating a display so engineers think everything is okay, while behind the scenes everything’s chaotic and spluttering into pieces.”
These labs teach you about HMI discovery, exploitation, and even how to execute machine-in-the-middle (MITM) attacks to report false values. It’s about putting the operator in a compromised position.
2. The rulebook: Making GRC fun (seriously)
Every detective knows the paperwork is the worst part of the job. In OT, that paperwork is GRC (governance, risk, and compliance), specifically the ISA/IEC 62443 fundamentals.
James echoed what most of us were thinking: “GRC is boring. I like breaking stuff, whereas Sam was more than happy to write thorough GRC labs, which made me very relieved”.
But Sam also found a way to make the necessary standards interesting, if not exactly thrilling. In addition to sharing that he “did really enjoy the GRC labs”, he also “tried to make it as fun as possible”. How fun? “I did manage to get some Fallout image art in the labs.”
The result is a six-lab collection that cuts through the dry text to cover the core focus areas and framework structure of the standards, bridging the gap between high-level policy and hands-on application.
3. The rail line incident: A crisis on the tracks
One new release stands out for its sheer, high-stakes drama: a Crisis Simulation built around the UK rail sector, which has “sprawling ramifications”.
Sam outlined the grim morning in the scenario: “Suddenly, there are a lot of logs. There’s been a firmware download to a number of trains, but the firmware wasn’t approved”.
In a rail environment, if one train is blocked, it has lasting effects on the entire railway. The Crisis Sim explores the tough decisions when you have to prioritize the safety of the passengers.
Accompanying the Crisis Sim is a new rail content collection. While it’s currently theory-based, it covers the essential legislation, vulnerabilities, and high-level concepts for those working on PI displays and the ETCS (European Train Control System).
The detective’s final note
Whether you’re in a trench coat trying to crack the code or an engineer trying to keep the lights on, the new labs are all about hands-on experience.
As James put it, working in OT is a unique challenge: “Having a job where you can play with train sets for a living is pretty cool”.
The case file is open. Grab your license – or your virtual Siemens hardware – and get ready to learn what happens when the digital world clashes with the physical. The new labs are live now.
Sam Dickison, signing off...
Links to labs:
- Hack Your First HMI: https://immersivelabs.online/series/hack-your-first-hmi
- ISA/IEC 62443: https://immersivelabs.online/series/isa-iec-62443-fundamentals
- Intro to Rail Sector OT: https://immersivelabs.online/series/ot-rail-sector
OT labs are only available to organisations that have the OT license.