Hundreds of Ukrainian cyber experts have taken part in a large-scale incident response exercise against the country’s energy grid as geopolitical tensions with Russia continue to escalate.
President Putin on Friday issued a series of security demands, including that NATO limits deployments of troops and weapons to Ukraine’s eastern border with Russia and that the country commits to never joining the military alliance.
Russia warned of a military crisis in the region if its demands weren’t met. It has already massed 100,000 troops, alongside missiles and artillery, on its side of the border.
Many Ukrainians will be thinking back nervously to December 2015 and 2016 when Russian state-backed hackers disrupted the power grid, leaving hundreds of thousands in the dark and cold of winter for several hours.
That’s likely to have informed a recent exercise in which 250 participants and 49 teams competed to fend off an attack on a fictitious energy provider after it suffered major operational technology (OT) failures, according to reports.
The hours-long exercise, which featured private industry experts and participants from universities and other institutions, focused on three key elements: finding out what had happened, ejecting the intruders and remediating affected systems.
It was apparently run using the SANS Institute’s Grid NetWars suite, designed for OT professionals to pit their wits against fictional attackers in the electricity sector.
“Grid NetWars is a suite of hands-on, interactive learning scenarios that enable OT security professionals to develop, test and master the real-world, in-depth skills they need to defend real-time systems,” SANS says of the platform. “It is designed as a challenge competition and is split into separate levels to allow players to quickly move through earlier levels based on their expertise.”
According to SANS, participants move through four levels, conducting: incident response; environment discovery, mapping, and reconnaissance; identification of adversary actions; and eradicating adversary access and recovering/restoring systems.