The Case of the Connected Factory: New OT Labs Uncover the Dark Side of Automation
It’s been a long year on the beat. The IT side of the cyber city gets all the headlines, but the real trouble – the deep, dark stuff that keeps CISOs up at night – is happening behind locked fences in the operational technology (OT) district. That’s where the trains run, the water flows, and the lights stay on. It’s vulnerable, and Immersive is opening up a new file on the case. I sat down with SamMaesschalck, our OT subject matter expert, and James Harris, his number two on the build, to shine a flashlight on the new OT labs dropping this October. In the labs, you’ll get a hands-on look at the characteristics and vulnerabilities that define the real world of industrial control. 1. The score: Breaking the machine When you talk about OT security, you’ll be looking at human-machine interfaces (HMIs) and programmable logic controllers (PLCs). These are the screens and brains of the factory floor, and they’ve been getting a serious inspection. Our experts confirmed that OT penetration testing is an emerging field, with companies becoming “more open to the fact. They’re saying, ‘Let's see what an attacker could do in our environment’.” The Hack Your First HMI lab collection is a key part of our latest release. It includes six labs dedicated to the art of the break-in. “That’s the kind of collection that I focused on,” James told me. “I was looking at the different ways that you can break an HMI or get it to display information that’s not necessarily true.” The motivation? The legendary Stuxnet attack. Stuxnet is a malicious computer worm that reportedly compromised Iranian PLCs and caused substantial damage to Iran’s nuclear program in 2010. As James explains: “Part of the attack was about creating a display so engineers think everything is okay, while behind the scenes everything’s chaotic and spluttering into pieces.” These labs teach you about HMI discovery, exploitation, and even how to execute machine-in-the-middle (MITM) attacks to report false values. It’s about putting the operator in a compromised position. 2. The rulebook: Making GRC fun (seriously) Every detective knows the paperwork is the worst part of the job. In OT, that paperwork is GRC (governance, risk, and compliance), specifically the ISA/IEC 62443 fundamentals. James echoed what most of us were thinking: “GRC is boring. I like breaking stuff, whereas Sam was more than happy to write thorough GRC labs, which made me very relieved”. But Sam also found a way to make the necessary standards interesting, if not exactly thrilling. In addition to sharing that he “did really enjoy the GRC labs”, he also “tried to make it as fun as possible”. How fun? “I did manage to get some Fallout image art in the labs.” The result is a six-lab collection that cuts through the dry text to cover the core focus areas and framework structure of the standards, bridging the gap between high-level policy and hands-on application. 3. The rail line incident: A crisis on the tracks One new release stands out for its sheer, high-stakes drama: a Crisis Simulation built around the UK rail sector, which has “sprawling ramifications”. Sam outlined the grim morning in the scenario: “Suddenly, there are a lot of logs. There’s been a firmware download to a number of trains, but the firmware wasn’t approved”. In a rail environment, if one train is blocked, it has lasting effects on the entire railway. The Crisis Sim explores the tough decisions when you have to prioritize the safety of the passengers. Accompanying the Crisis Sim is a new rail content collection. While it’s currently theory-based, it covers the essential legislation, vulnerabilities, and high-level concepts for those working on PI displays and the ECTS (European Train Control System). The detective’s final note Whether you’re in a trench coat trying to crack the code or an engineer trying to keep the lights on, the new labs are all about hands-on experience. As James put it, working in OT is a unique challenge: “Having a job where you can play with train sets for a living is pretty cool”. The case file is open. Grab your license – or your virtual Siemens hardware – and get ready to learn what happens when the digital world clashes with the physical. The new labs are live now. SamDickison, signing off... Links to labs: Hack Your First HMI: https://immersivelabs.online/series/hack-your-first-hmi ISA/IEC 62443: https://immersivelabs.online/series/isa-iec-62443-fundamentals Intro to Rail Sector OT: https://immersivelabs.online/series/ot-rail-sector OT labs are only available to organisations that have the OT license.October is here! Prepare for Cybersecurity Awareness Month with Immersive 🎃
In a world where technology and threats are constantly evolving, building a resilient team is more important than ever. At Immersive, we're proud to be your partner in this journey, and we've put together a fantastic lineup of events, challenges, and resources throughout October to help you and your teams stay ahead of the curve. What’s on at Immersive this Cybersecurity Awareness Month 📆 Oct 1st Whitepaper: GenAI’s Impact on Cybersecurity Skills and Training Oct 6th Trick or Treat on Specter Street Challenge Begins: Labs 1-3 Oct 9th Labs Live: Ripper's Riddle Community Webinar Oct 13th Trick or Treat on Specter Street Challenge: Labs 4 - 6 Oct 15th Webinar: How to Build a People-Centric Defense for AI-Driven Attacks Oct 16th Labs Live: Cursed Canvas Community Webinar Oct 20th Trick or Treat on Specter Street Challenge: Labs 7 - 9 Oct 22nd Cyber Resilience Customer Awards Winners Revealed Oct 23rd Labs Live: Macro Polo Community Webinar Oct 27th Trick or Treat on Specter Street Challenge: Labs 10-12 Oct 30th Labs Live: Phantom Pages Webinar Oct 31st Trick or Treat on Specter Street Challenge Finale: Labs 13 Oct 31st Virtual Crisis Sim: The Puppet Master’s Trick or Treat Challenges and Labs Trick or Treat on Specter Street 👻 Welcome to Trick or Treat on Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we’ve encountered before. Each week throughout October, we’ll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street. Can you crack the case? Find out more. AI Foundations 🤖 Ready to navigate the rapidly evolving world of Artificial Intelligence with confidence? Give our new AI Foundations lab collection a go! Designed to equip your teams with critical AI knowledge and practical implementation skills; this initial collection features seven foundational labs that progressively guide your teams from high-level overviews to secure, hands-on AI implementation. Find out more. Events and Webinars Webinar How to Build a People-Centric Defense for AI-Driven Attacks Wednesday October 15th A must-attend event for understanding how threat actors are leveraging AI and other emerging technologies to carry out attacks. Register Now. Virtual Crisis Sim The Puppet Master’s Trick or Treat Friday October 31st Join us on Halloween as the notorious Puppet Master returns for a fiendish game of Trick or Treat 🎃 Play along with our Immersive crisis response experts as we tackle a LIVE coordinated attack from the Puppet Master on a Critical National Infrastructure organization. Dare you play the Puppet Master’s game and survive, or will they finally get their revenge?! Register Now. AI and Emerging Threats Throughout the month, we’re shining a spotlight on the rise of AI in cyber. From our all-new AI Foundational lab series to cutting edge research from the experts at the cutting edge of GenAI in cybersecurity in our latest whitepaper: GenAI’s Impact on Cybersecurity Skills and Training. Explore our latest AI-focused resources and upskill your teams to confidently face the future of cyber resilience. Check out our latest reports, articles, webinars and more on GenAI, here. Celebrating Cyber Resilience Heroes 🏆 We're also celebrating the individuals and organizations at the forefront of cyber resilience with our Cyber Resilience Customer Awards. Keep your eyes peeled on our social channels! We'll be unveiling our latest winners on October 22nd, recognizing those who demonstrate an outstanding commitment to proving and improving their cyber readiness. It's going to be a jam-packed month focused on practical application and deep engagement. Let’s make this the most secure October yet!Supercharge your cybersecurity skills development: Immersive integrates with Degreed
In this blog post, I explore benefits of the integration, what it means for you, and how you can leverage it to build a world-class cybersecurity team. Seamless access to Immersive content Accessing Immersive Labs' extensive catalog of labs is now easier than ever. We've integrated directly with Degreed's file transfer protocol (FTP), allowing you to browse and select from our entire library of practical cybersecurity challenges directly with the Degreed platform. This streamlined access simplifies the learning journey and encourages continuous skills development. Track progress and demonstrate impact with xAPI Demonstrating the impact of your learning initiatives is crucial. That's why we've implemented xAPI integration. As your team completes Immersive Labs exercises, detailed completion records are automatically sent to Degreed. This provides valuable insights into individual and team progress, allowing you to identify skill gaps, track improvement over time, and measure the effectiveness of your cybersecurity training programs. With xAPI, you can clearly view your team’s evolving skillset and make data-driven decisions for future training investments. What this means for you: Personalized learning: Combine Immersive Labs' hands-on exercises with Degreed's personalized learning paths to create a truly tailored skills development experience for each team member. Streamlined workflow: Access and launch Immersive Labs content directly within Degreed, eliminating the need to navigate between different platforms. Data-driven insights: Leverage xAPI integration to track progress, identify skill gaps, and measure the impact of your cybersecurity training programs. Enhanced engagement: Keep your team motivated and engaged with interactive, hands-on labs delivered seamlessly through the Degreed platform. Improved skills development: Accelerate the development of critical cybersecurity skills and build a more resilient and capable workforce. How it works: The integration is designed to be as seamless as possible. Your Degreed administrator will configure the connection to Immersive Labs via FTPs. Once configured, the Immersive Labs catalog will be available within Degreed. Learners can then discover and engage with labs directly within their Degreed learning paths. Behind the scenes, xAPI ensures that all learning activity is tracked and reported back to Degreed. Getting started: If you're an existing Immersive Labs and Degreed customer, reach out to your Immersive Labs Customer Success Manager to learn more about enabling the integration as it’s available to all Immersive Labs customers. They will guide you through the setup process and answer any questions you may have. The future of cybersecurity skills development is here The Immersive Labs and Degreed integration represents a significant step forward in cybersecurity skills development. By combining the power of hands-on learning with personalized pathways and data-driven insights, we're empowering organizations to build the cybersecurity teams of the future. We're excited about the possibilities this integration unlocks and can't wait to see its impact on your organization's cybersecurity posture. Share your thoughts While we look to expand the platforms we integrate into, we're eager to hear your perspective! Comment below with your questions, ideas, and how you plan to use this integration as well as other integrations you'd like to see.Elevate your cybersecurity training: Immersive now integrates with Cornerstone LMS
This integration combines the hands-on, engaging learning experience of Immersive Labs with the robust learning management capabilities of Cornerstone, creating a comprehensive and efficient solution for your cybersecurity training needs. What this integration means for you: Streamlined access to Immersive Labs content: Access our extensive library of labs directly within Cornerstone LMS. This allows your learners to seamlessly launch Immersive Labs and engage with the training they need, all within their familiar Cornerstone environment. Automated tracking and reporting: Leveraging the xAPI (Tin Can API) specification, the integration automatically sends detailed completion records from Immersive Labs to Cornerstone. This allows you to track learner progress, identify skill gaps, and measure the effectiveness of your cybersecurity training programs, all within your familiar Cornerstone environment. Enhanced learning experience: Provide your teams with engaging, hands-on cybersecurity training that translates directly to real-world skills. Immersive Labs' interactive simulations and challenges keep learners motivated and invested in their development. Improved efficiency: Reduce administrative overhead by automating tasks such as user provisioning, content updates, and progress tracking. This frees up your learning and development team to focus on more strategic initiatives. Data-driven insights: Gain valuable data on learner performance and skill development, enabling you to make informed decisions about future training investments and tailor learning paths to individual needs. How it works: The integration is designed for simplicity and ease of use. Your Cornerstone administrator will configure the connection to Immersive Labs, enabling the seamless flow of data between the two platforms. Learners can then access and launch Immersive Labs content directly from their Cornerstone learning paths. xAPI ensures that all learning activity is automatically tracked and reported back to Cornerstone, providing a comprehensive view of learner progress and skill development. Getting started: If you're an existing Immersive Labs and Cornerstone customer, reach out to your Immersive Labs Customer Success Manager to learn more about enabling this integration. They’ll guide you through the setup process and answer your questions. The power of connected learning: The Immersive Labs and Cornerstone integration represents a significant advancement in cybersecurity skills development. By connecting engaging, hands-on learning experiences with robust learning management capabilities, we're empowering organizations to build a more skilled and resilient cybersecurity workforce. Share your thoughts This is just the beginning! We're committed to expanding our integrations to provide you with an entirely seamless learning experience. Share your thoughts on this integration and tell us which platforms you'd like to see us connect with next in the comments below.Enhancing Cyber Resilience through Data Insights: Immersive’s REST API
Seamless access to your Immersive data Our REST API offers easy access to your Immersive data. Once authenticated, you can access your organization’s data by making REST API requests to any of the available endpoints. These endpoints can be reviewed in our REST API documentation. What this means for you Data at speed – Your Immersive data is just a request away. With each API request, you can quickly gather and manipulate your data as needed. Flexible design – Utilizing our REST API offers significant control over the process of transmitting data from Immersive to a target system of choice. System integration – Each API response will be received as JSON formatted data, allowing straightforward integration with BI systems, databases, or any other target system. How it works API requests to our various available endpoints allow you to seamlessly pull Immersive data and relay it to your system of choice. Gathering data via the REST API offers unparalleled flexibility and control over when and how your data is transmitted. Who can do this To generate an API key and secret token, you must have an administrator account in Immersive. If you’re interested in working with the REST API, but don’t have the proper permissions to initiate the process, please reach out to an Immersive administrator within your organization. Getting started From an Immersive administrator account, navigate to the Platform Settings sections within the Manage tab at the top of your screen. Once in the platform settings, navigate to API within the sidebar. You should then see the option to Generate API key. Select this option and add an appropriate label that describes the intended use. After clicking Generate, you should see an Access key and Secret token that can be copied and utilized for the initial authentication. Once you’ve generated your Access key and Secret token, please follow our REST API documentation and API Guide for authentication, requests, and pagination guidance. The documentation also includes each of the available API endpoints. If you have any questions or issues as you implement your API connection, please contact our support team, and we will help ensure a smooth integration. The future of cybersecurity skills development is here The Immersive REST API represents a significant step forward in cybersecurity skills development. By combining the power of hands-on learning with personalized pathways and data-driven insights, we're empowering organizations to build the cybersecurity teams of the future. We're excited about the possibilities this integration unlocks and can't wait to see the impact it has on your organization's cybersecurity posture. Share your thoughts While we continue to develop this powerful integration, we would love to hear from you! If you have specific use cases for the Immersive REST API, please let us know in the comments and our team can look into the feasibility of each possible enhancement. We're on a mission to enable more integrations, so tell us, which other integrations would you like to see this year?
