SOS Intl, SANS Institute, and WSC Inc. have collaborated and developed the power industry’s first cybersecurity training environment that is integrated with operational simulators in a single student experience. This new approach is designed to train cyber operators to recognize and respond to potential cybersecurity breaches.
The training consists of scenario-based exercises to allow cyber operators to attack and target simulated environments to help them better understand how to defend their systems. It will also be available to utilities to train transmission and distribution system operators. The training enhances their ability to recognize, respond, and coordinate with cyber operators and IT experts simultaneously in the event of a cybersecurity breach.
The new training experience was rolled out in June in both Germany and Poland at the SANS ICS NetWars events. The training will be presented in the U.S. at SANS events hosting Grid NetWars and NERC’s GridSecCon in October, as well as various other conferences and workshops throughout the United States and abroad.
Over the last few years, attacks on critical infrastructure have surged, and the potential repercussions are significant. A loss of data is concerning, but a loss of electricity or equipment damage is catastrophic. By using the cybersecurity simulator, system operators learn how to recognize a potential attack, predict system behavior, and respond appropriately using scenario-based data. This tool makes training drills more realistic and relevant for the trainees.
“We realized that most of the cybersecurity training available for utilities was geared toward information technology (IT) personnel, completely overlooking the cyber and system operators. The best course of action is obvious – train the cyber and system operators to recognize the signs of a potential threat as they monitor the system. Then, the operators and IT departments work together to respond,” says Rocky Sease, owner and CEO of SOS.
Our nation’s electric grid is increasingly dependent on an ever-growing network of trusted external connections from entity to entity and a complex infrastructure of interconnected systems within entity environments that are relied upon for operations, and as a result, it is also increasingly susceptible to cyberattacks. Tim Conway, ICS technical director for SANS, shared that such attacks could potentially cause service outages, potentially damage equipment, have larger geopolitical effects, as well as impact local economies.
“Many utilities, both in the U.S. and abroad, are beginning to ‘up their game’ when it comes to cybersecurity training. They’re realizing the NERC Standards requiring training for access to systems is essential, but it is only the minimum. Additional training for individuals who support the most critical operational assets within the organization needs to be pursued, and for the electric system operators who rely on those assets there needs to be hands-on joint team based training that focuses on working across organizational silos to ensure the various teams are prepared to work together during a targeted cyber-attack,” Conway says. “Utilities are using yesterday’s technology to defend against today’s cyber threats,” said Oussama Ashy, head of business development at WSC. “All three companies saw a need to provide much-needed, state-of-the art simulation in order to give our cyber and system operators the tools needed to recognize, detect, and respond against attacks. This integrated training experience is the result of a significant investment from the experts at WSC, SANS, and SOS.”