Cybersecurity experts from throughout Ukraine took part in a large-scale cyber-attack simulation that echoed the devastating real-world strike on Ukraine’s power infrastructure in 2015. With 250 participants, 49 teams battled – either electronically or in person at a venue in Kiev – to earn points by resolving an attack on a fictional energy company after it experienced multiple unexpected system failures.
Security experts from Ukraine’s governmental and private sectors, as well as higher education institutions, worked for five and a half hours to determine the nature of a hostile network penetration before expelling the intruder and returning systems to normal functioning.
The winning team was Berezha Security Group from Kiev, and cybersecurity engineer Dmitry Korzhevin was the best-performing individual participant.
The competition, which took place on December 2, was the latest Grid NetWars event hosted by SANS Institute, a US information security training organisation, with previous tournaments held in Singapore, India, Japan, and Australia.
The event was also coordinated by Ukraine’s National Security and Defense Council, State Service of Special Communication and Information Protection, and the US Agency for International Development’s Cybersecurity Critical Infrastructure project (USAID).
‘Close to the truth’
“Every day, 560,000 new harmful programmes are found around the world,” said Ihor Malchenyuk, the head of cybersecurity regulatory support and institutional development at the USAID Cybersecurity for Critical Infrastructure in Ukraine project.
“Competitions like Grid NetWars provide an opportunity to practise not just each specialist’s knowledge and talents individually, but also joint interaction,” he noted. “After all, the training settings are as realistic as they can be.”
With the support of two additional US-based infosec specialists, Tim Conway, technical director of SANS’ industrial control systems (ICS) and supervisory control and data acquisition (SCADA) programmes, coached event attendees.
‘Exercise in the manner to play better.’
“Grid NetWars has been used in country-level exercises since its inception,” Conway told The Daily Swig.
“It’s also being used by practitioners all over the world who attend critical infrastructure or industrial control system-focused gatherings like the SANS ICS Summit, where Grid NetWars competitions are held in the evenings following the lectures.”
“Participants were able to face real-world challenges, develop skillsets, gain exposure to technical tools, and most importantly, ‘practise the way they play’ through collaboration, and provided the opportunity to work together in teams just like they would in a real-world incident response,” he added.
Conway was involved in the investigation of the 2015 attack on three Ukrainian power distribution stations, which resulted in the loss of power for up to six hours for about 225,000 people.
A year later, the country’s electrical grid was hit again, and Ukraine’s then-president, Petro Poroshenko, said that thousands of recent cyberattacks on state institutions were proof that Russian secret agencies were waging a cyberwar against the country.