Russia's first international cyber exercises on preventing emergencies caused by hacker attacks were held at the St. Petersburg International Economic Forum. Representatives of six countries took part in the large-scale exercises: Russia, Belarus, Kazakhstan, Azerbaijan, Pakistan and Vietnam. The event ran on the National Cyberpolygon platform, which RTK-Solar provided for the exercises. The exercises were conducted jointly with the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation, with the support of the Staff of the Security Council of the Russian Federation.
The event was aimed at coordinating efforts to combat hackers at the global level and at practicing the exchange of information between participating countries about attacks carried out from the infrastructure of another state. For the exercises, the specialists of the National Cyberpolygon deployed a digital twin of an energy facility's infrastructure and developed automated attack scenarios that reproduced the actions of real attackers recorded since the beginning of the special operation and aimed at various Russian organizations. The participants practiced cooperating against highly professional hacker groups that seek to destabilize the socio-economic situation through attacks that lead to an emergency.
During the exercises, the participants were divided into teams and had to jointly protect the infrastructure segments allocated to them from a series of destructive cyber attacks, the purpose of which was to cause a large-scale blackout. According to the exercise scenario, a hacker group carried out a series of coordinated attacks on a large electric power facility.
Under the terms of the exercise, by the time the teams started working, several significant incidents had already occurred, as a result of which the infrastructure of the energy facility was infected with malicious software. The attackers continued their attacks to spread a computer virus in order to gain full control over the targeted facility. The participants were required to investigate the incidents that had occurred, clean malicious activity out of the infrastructure, prevent re-infection, and restore damaged files. To investigate the attacks, the teams used a number of domestic cybersecurity tools, including the Kaspersky Unified Monitoring and Analysis Platform (KUMA), a centralized event collection and correlation system; the R-Vision SOAR platform for security orchestration, automation and incident response; the R-Vision TIP threat information analysis platform; and others.
“The participants of international cyber studies practiced countering attacks on life support systems, the successful implementation of which in real life threatens serious consequences for the attacked states. Therefore, it is very important to train together to identify them at an early stage and conduct a continuous dialogue at the global level. Based on the results of the past cyber studies, we managed to form a serious foundation in this direction, which will help the participating countries to act harmoniously in the event of similar threats in practice,” stated General Director of RTK-Solar Igor Lyapunov.
Since the cyber attacks hit each of the infrastructure segments at different times, the teams had to exchange information about their incident investigations. A special technical unit, the Computer Incident Response Center, coordinated the actions of the teams. It was staffed by experts from the National Computer Incident Coordination Center (NCCC) and cybersecurity specialists from RTK-Solar. The center's team aggregated team reports, monitored the progress of the incident investigations, and periodically informed participants about threats and recommended measures to counter cyber attacks. The response center was located at the St. Petersburg State University of Telecommunications named after Prof. M. A. Bonch-Bruevich, which acted as a partner of the exercises.