Tools


Siemens Worldwide

The Magazine

Contact

Contact
The Magazine
Subscribe

Cyberdefense exercise

Securing the virtual shield-wall

Locked Shields is the world’s largest and most advanced international network defense exercise. Siemens, a cooperation partner of the NATO Cooperative Cyber Defence Centre of Excellence, contributed its Spectrum Power Control technology to this year’s exercise.

Modern societies depend on a set of critical infrastructures, and none is more critical than energy supply, which keeps all other elements running. Because cyberattacks have become more prevalent due to digitalization, cybersecurity training is becoming an essential part of securing and protecting assets. At a recent cyberdefense exercise in Estonia, governments and industry partners, including Siemens, collaborated with the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) to train against cyberattacks.

Banking, the internet, water supply, and other essential services cannot operate without power. This interface between the physical world and the virtual digital space creates tremendous new possibilities and generates huge amounts of data that can be used to optimize services or gain a better understanding of usage patterns. 

However, the infrastructure needs to be adapted to be able fully to exploit the possibilities that digitalization offers; this is especially true for power grids, where digitalization has coincided with the integration of renewable and distributed energy, the need for continuous network optimization, and an increase of prosumers who not only consume energy, but also generate it and feed it back into the grid. 

Many elements of the energy system are digitally connected to the internet, so grid operators must constantly update their defense capabilities to match the growing sophistication of malicious actors and eliminate any new attack vectors arising from the digitalization of the energy sector. With more renewables, smart home appliances, and networked elements such as electro-mobility or Supervisory Control and Data Acquisition (SCADA) systems, critical infrastructure owners must ensure the reliability and integrity of their operations with technology, but also with expertise. 

With technical support from the Green Team, the defenders of “Berylia” face off against their antagonists from the Red Team of “Crimsonia".

Siemens supports its customers not only with consultancy and state-of-the-art technical solutions, but also by building up security capabilities, for instance through active participation in organizations such as the European Energy – Information Sharing & Analysis Centre (www.ee-ISAC.eu) and as a technology partner in cyberdefense efforts. Most recently, Siemens experts participated in the Locked Shields 2017 live-fire exercise, hosted by the NATO CCD COE in Tallinn, Estonia.

Strong defenses – a local specialty

The ancient capital of this young Baltic state has a long history as a fortified position. Tallinn’s medieval ramparts bear testimony to a successful defensive game through the ages, as does the beautiful old town, which has survived the ravages of wars and sieges largely intact. Over its roofs, Vana Toomas (Old Thomas) has been on the lookout since 1530. As one of Tallinn’s emblems, the wrought-iron guardsman straddling a weather vane atop City Hall represents a tradition of steadfast watchfulness.

The old city of Tallinn. Through trade with Russia and Scandinavia, the city flourished in the Hanseatic League. Today, it hosts the Locked Shields exercises.

Some modern-day ephemeral threats, however, cannot be warded off with physical towers and battlements, and so the defenders who have “Locked Shields” today are deploying virtual protections to ensure the continued operation of the infrastructures assigned to them. Twenty Blue Teams in multiple countries must maintain the services and networks of a simulated military airbase in the fictional nation of Berylia. In the sixth floor of the Swissôtel Tower, the referees watch as rows of monitors display a sustained cyberattack in real time. 

“Locked Shields is the biggest and most complex international live-fire exercise in the world,” says Sven Sakkov, Director of the NATO CCD COE, which has organized the exercise since 2010. At its core is an issue that affects the very underpinnings of modern societies, he says: “Our everyday life depends on cybersecurity. It’s about the banking system, about the economic life of a modern country. The energy sector is one of the critical parts of that critical infrastructure, because everything we do needs electricity, and the assuredness of supply and the resilience of the grid are fundamental in how the modern world operates.”

Supply security and grid resilience are fundamental to how the modern world operates.
Sven Sakkov, Director, NATO CCD COE

Realistic threat landscape

In the large operations room, participants study rows of screens that depict the ongoing status of network penetration attempts. Arrows, vectors, and network data flash across the displays as the Blue Team defenders battle their antagonists, the Red Team from the nation of “Crimsonia”. However, though the conflict parties may be fictitious, the threat picture is not – on the contrary, the maneuver is set up to be as realistic as possible.

Under this year’s scenario, the Red Team are targeting the electric power grid, without which the entire airbase will be shut down – from runway lights and fuel pumps to the radar system. “Every year, we discuss which threats and which systems to involve to make sure we cover the threat landscape,” says Raimo Peterson, Technology Branch Head at NATO CCD COE. Together with the other Green Team specialists, he prepared the targeted systems, including the Siemens Spectrum Power control center solution, to control the power supply for Berylia’s virtual airbase. 

The Siemens Spectrum Power solution has been by far the most complex system ever used in the Locked Shields exercise series.
Raimo Peterson, Technology Branch Head at NATO CCD COE

The aim is to train these cybersecurity experts to keep their system up and running or restore them if compromised, under constant and sophisticated attack. “It was important for us to use real targets, not mockups; so this exercise uses the same power grid software that’s used by energy providers in the real world,” says Peterson. “The Siemens Spectrum Power solution has been by far the most complex system ever used in the Locked Shields exercise series,” he adds.

Aiming for the heart

That’s why the Spectrum Power system is ideal for “target practice” in this cyberdefense training. “Control centers are the heart and brain of any power system. Therefore, their safe operation and protection is of utmost importance,” says Volker Distelrath, Head of Cybersecurity at the Siemens Energy Management Division. 

The way grids are operated and managed has changed drastically in the last years with the penetration of renewable and decentralized energy resources. The need for network optimization, interaction with prosumers and consumers, and the numbers of new market participants have all significantly increased. With information and communication technology penetrating distribution networks and even households, the growing interconnections create more vectors for potential attacks to critical infrastructure. Consequently, cybersecurity is a top priority for power system operators today.

Control centers are the heart and brain of any power system. Therefore, their safe operation and protection is of utmost importance.
Volker Distelrath, Head of Cybersecurity, Siemens Energy Management Division


 

The advanced network management and automation platform combines central access management for SCADA systems with smart-grid elements and is interoperable with the systems of other manufacturers. Therefore, the Spectrum Power can be integrated with any existing IT security environment. But its manifold functions also underscore the importance of defending this key asset against malicious actors. 

For Siemens, involvement in the training of cyber-experts offers insights into how they defend targets like the Spectrum Power. Since Siemens is a leading provider of cybersecurity solutions and also offers comprehensive consulting services on this topic, the opportunity to apply this know-how to a large-scale attack scenario is also a unique occasion for learning and practicing. For the company, it is extremely important to be able to improve both the safety of its own products and the quality of the consulting services it offers to make customers’ infrastructures even safer.

At the same time, the Red Team’s efforts to penetrate the system are also of great interest to the Siemens team participating in Locked Shields. “This knowledge will help us to improve our systems and make them more robust against potential cyberattacks,” says Distelrath. “This training is crucial, and builds up experts’ confidence, knowledge, and experience in handling sophisticated cyber-attacks,” he believes. 

Christopher Findlay, journalist based in Zurich, Switzerland
Picture credits: Markus Zucker, photographer and film-maker based in Berlin, Siemens AG