Cyberdefence exercise: Securing the virtual shield wall
Locked Shields is the world’s largest and most advanced international network defense exercise. Siemens, a cooperation partner of the NATO Cooperative Cyber Defence Centre of Excellence, has contributed its electrical power control system to the exercise in recent years.
By Christopher Findlay
Modern societies depend on a set of critical infrastructures, and none is more critical than energy supply, which keeps all other elements running. Because cyberattacks have become more prevalent due to digitalization, cybersecurity training is becoming an essential part of securing and protecting assets. At a recent cyberdefense exercise in Estonia, governments and industry partners, including Siemens, collaborated with the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) to train against cyberattacks.
Banking, the internet, water supply, and other essential services cannot operate without power. This interface between the physical world and the virtual digital space creates tremendous new possibilities and generates huge amounts of data that can be used to optimize services or gain a better understanding of usage patterns.
Strong defenses – a local specialty
The ancient capital of the young Baltic state has a long history as a fortified position. Tallinn’s medieval ramparts bear testimony to a successful defensive game through the ages, as does the beautiful old town, which has survived the ravages of wars and sieges largely intact. Over its roofs, Vana Toomas (Old Thomas) has been on the lookout since 1530. As one of Tallinn’s emblems, the wrought-iron guardsman straddling a weather vane atop City Hall represents a tradition of steadfast watchfulness.
Some modern-day ephemeral threats, however, cannot be warded off with physical towers and battlements, and so the defenders who have “Locked Shields” today are deploying virtual protections to ensure the continued operation of the infrastructures assigned to them. Twenty Blue Teams in multiple countries must maintain the services and networks of a simulated military airbase. In the sixth floor of the Swissôtel Tower, the referees watch as rows of monitors display a sustained cyberattack in real time.
“Locked Shields is the biggest and most complex international live-fire exercise in the world,” says Sven Sakkov, Director of the NATO CCD COE, which has organized the exercise since 2010. At its core is an issue that affects the very underpinnings of modern societies, he says: “Our everyday life depends on cybersecurity. It’s about the banking system, about the economic life of a modern country. The energy sector is one of the critical parts of that critical infrastructure, because everything we do needs electricity, and the assuredness of supply and the resilience of the grid are fundamental in how the modern world operates.”
Supply security and grid resilience are fundamental to how the modern world operates.Sven Sakkov, Director, NATO CCD COE
Realistic threat landscape
In the large operations room, participants study rows of screens that depict the ongoing status of network penetration attempts. Arrows, vectors, and network data flash across the displays as the Blue Team defenders battle their antagonists, the Red Team from the nation of “Crimsonia”. However, though the conflict parties may be fictitious, the threat picture is not – on the contrary, the maneuver is set up to be as realistic as possible.
Under this year’s scenario, the Red Team are targeting the electric power grid, without which the entire airbase will be shut down – from runway lights and fuel pumps to the radar system. “Every year, we discuss which threats and which systems to involve to make sure we cover the threat landscape,” says Raimo Peterson, Technology Branch Head at NATO CCD COE. Together with the other Green Team specialists, he prepared the targeted systems, including the Siemens Spectrum Power control center solution, to control the power supply for Berylia’s virtual airbase.
The Siemens Spectrum Power solution has been by far the most complex system ever used in the Locked Shields exercise series.Raimo Peterson, Technology Branch Head at NATO CCD COE
The aim is to train these cybersecurity experts to keep their system up and running or restore them if compromised, under constant and sophisticated attack. “It was important for us to use real targets, not mockups; so this exercise uses the same power grid software that’s used by energy providers in the real world,” says Peterson. “The Siemens Spectrum Power solution has been by far the most complex system ever used in the Locked Shields exercise series,” he adds.
Aiming for the heart
That’s why the Spectrum Power system is ideal for “target practice” in this cyberdefense training. “Control centers are the heart and brain of any power system. Therefore, their safe operation and protection is of utmost importance,” says Volker Distelrath, Head of Cybersecurity Engineering Digital Grid at Siemens Smart Infrastructure.
The way grids are operated and managed has changed drastically in the last years with the penetration of renewable and decentralized energy resources. The need for network optimization, interaction with prosumers and consumers, and the numbers of new market participants have all significantly increased. With information and communication technology penetrating distribution networks and even households, the growing interconnections create more vectors for potential attacks to critical infrastructure. Consequently, cybersecurity is a top priority for power system operators today.
Control centers are the heart and brain of any power system. Therefore, their safe operation and protection is of utmost importance.Volker Distelrath, Head of Cybersecurity Engineering Digital Grid at Siemens Smart Infrastructure
The advanced network management and automation platform combines central access management for SCADA systems with smart-grid elements and is interoperable with the systems of other manufacturers. Therefore, the Spectrum Power can be integrated with any existing IT security environment. But its manifold functions also underscore the importance of defending this key asset against malicious actors.
For Siemens, involvement in the training of cyber-experts offers insights into how they defend targets like the Spectrum Power. Since Siemens is a leading provider of cybersecurity solutions and also offers comprehensive consulting services on this topic, the opportunity to apply this know-how to a large-scale attack scenario is also a unique occasion for learning and practicing. For the company, it is extremely important to be able to improve both the safety of its own products and the quality of the consulting services it offers to make customers’ infrastructures even safer.
At the same time, the Red Team’s efforts to penetrate the system are also of great interest to the Siemens team participating in Locked Shields. “This knowledge will help us to improve our systems and make them more robust against potential cyberattacks,” says Distelrath. “This training is crucial, and builds up experts’ confidence, knowledge, and experience in handling sophisticated cyber-attacks,” he believes.
Christopher Findlay, journalist based in Zurich, Switzerland
Picture credits: Markus Zucker, photographer and film-maker based in Berlin, Siemens AG
Subscribe to our Newsletter
Stay up to date at all times: everything you need to know about electrification, automation, and digitalization.