The European Network for Cyber Security (ENCS) has launched a new Red Team/Blue Team (RTBT) cyber security training. It casts participants as hackers and defenders in a live attack scenario in the energy sector. The training is aimed at those working within the energy sector to combat cyber threats.
Unlike traditional training constrained to a set of specific scenarios, ENCS says, it has designed what it terms open-ended training, simulating a grid operator. Named Gridnet, the simulated company includes physical utility devices such as a medium voltage circuit breaker, routers, protocol gateways and protection relays. This is supplemented by a virtualised 40-substation network, a simulated grid environment and a SCADA network, to name just a few features.
Michael John, Director Operations, ENCS, said: “For both depth and breadth, this is the most detailed and realistic training available to utilities. The red team can choose multiple different approaches to attack – even to use malware we’ve designed to mimic real-world threats – and the blue team will have to respond. Our simulated grid environment really brings the training to life so participants can respond to an actual attack in real-time.”
ENCS is a non-profit membership body that brings together stakeholders and security people to deploy secure European critical energy grids and infrastructure. As these infrastructures transition to a digital world, cyber security has become a priority for utilities. High-profile attacks this year have underlined that effective security is more important than ever, says ENCS. For example, the ransomware attack WannaCry in May highlighted the rise of automated attacks, while Industroyer showed the sophistication of targeted malware.
Anjos Nijk, Managing Director, ENCS, said: “As the energy landscape changes, it’s vital companies keep pace with innovations and step up their security measures. Access to the right skills has been a barrier in the past but now is the time to catch up. Our training will equip people with the expertise, knowledge and capabilities needed to protect their critical infrastructure.”
The first two days of ENCS’ training cover attack techniques and defensive measures. On day three, participants are divided into two teams. The red team attempts to shut down Gridnet, gaining deep insights into operational technology risks and learning to “think like a hacker”. The blue team acts to defend the grid, working on security monitoring, breach detection and incident response. Three companies, including distribution system operators (DSOs) and transmission system operators (TSOs), have signed up for the training before the end of 2017.