We again joined forces with ČEZ, the largest electricity producer in the Czech Republic, to reinforce their cybersecurity preparedness. As an operator of Czech critical infrastructure, ČEZ understands the importance of cybersecurity. We organized an exercise on the KYPO Cyber Range Platform that went well beyond the usual training. Read on to find out what it was about.
Initial Analysis
Everything began several months before the exercise, when we held an ideation meeting with ČEZ's management. During this session we agreed on the goals and key aspects of the exercise, which resulted in a customized five-day program: two briefing days followed by three intensive hands-on days.
Although this is neither our first collaboration with ČEZ nor the first exercise we have organized, the stakes are always high when preparing a new scenario for a team of highly skilled professionals. The participants bring diverse work experience and skill sets, which we take into account carefully during preparation. One of our main challenges is forming well-balanced teams that make effective use of these differences.
Scenario and Infrastructure
Another significant challenge is crafting a scenario that matches the goals of the exercise and keeps the participants engaged. Given the energy-sector focus, we deliberately built the practical part around malware such as Industroyer2 and CaddyWiper. This choice was inspired by real incidents attributed to the Sandworm group in previous years, in particular the spring 2022 attack on the Ukrainian energy sector. We emphasized the key tactics, techniques, and procedures (TTPs) from the MITRE ATT&CK® knowledge base associated with this malware.
As for infrastructure, we built complete IT and OT environments that emulate a fictional power plant. Our aim was an immersive and realistic environment with all the components one would expect. The environments were closely monitored, and visualization of the collected data reinforced the gamification elements. To replicate a real cyber-attack as it unfolds across its phases, we deployed a separate instance of the infrastructure for each team, with slight variations between the instances. This let participants experience the evolving challenges of a cyber-attack first-hand.
Gamification and Generative AI
In addition, we crafted an engaging storyline and added gamification elements such as employee personas and scripted emails from external and internal parties (GovCERT, the CISO, employees). Throughout the preparation and execution of the exercise we used ChatGPT as part of our workflow. In particular, it helped us draft alternative storylines that served as inspiration, and it generated some of the content used in our communication with participants.
Above all, our goal was to design an exercise that goes beyond a purely defense-oriented approach and puts strong emphasis on effective communication and collaboration among participants. For this reason, we also defined a hierarchy of blue teams and a set of processes they had to follow during the exercise.
Curious about how the exercise went and the lessons learned? Stay tuned for the second part of our case study, where we will share all the details.