Training for the defense against cyber attacks

It doesn't matter whether we're talking about companies, IT systems, production facilities, traffic systems or power plants: All systems are becoming increasingly complex as a result of ongoing digitization and networking. New technologies and possibilities are constantly being added. This makes great progress possible - for example, in terms of increasing efficiency or reducing ecological impact. At the same time, however, it is becoming increasingly difficult to control the systems. Moreover, there are more and more new threats, such as hacker attacks. 

This is something many companies and organizations are preparing for by drafting plans and processes for how to respond when critical situations arise. "But drawing up such concepts on paper is quite different from being able to put them into practice in an emergency," says Maria Leitner, a researcher at the Center for Digital Safety & Security at the AIT Austrian Institute of Technology. Therefore, a so-called "cyberrange" was developed, in which a real system (e.g. an IT system in a factory or in a nuclear power plant) is simulated and in which processes and actions can be played out. This is important because it is not possible to carry out such tests in these critical infrastructures in the real world for security reasons.

In the course of the simulation, you go through various situations step by step and consider how you can solve the challenges that arise. This allows you to analyze structures and processes and determine the effects of different actions and reactions. With a cyberrange, one's own cyberskills - the abilities to deal with IT security threats - can be tried out and trained. "You often only find out what knowledge or skills employees still need when you play through a real situation," says Leitner, summarizing her experience. 

And she emphasizes a second key point: You can practice in this way how the cooperation between different participants works. After all, in the event of a cyber attack, cooperation with partners and authorities is crucial.

For the first time, such a threat was simulated on a large scale in a simulation game organized by the Austrian Security Council (KSÖ): The objective was to detect simulated cyberattacks on critical infrastructures, defend against them and report them to the responsible authorities, who in turn took relevant actions for the individual organizations. 

The areas of application for cyberranges are very diverse. For example, AIT is working with the International Atomic Energy Agency (IAEA) to develop a simulation model for controlling a critical part of nuclear power plants on which safety exercises can be performed. Another current example is the ACCSA (Austrian Cyber Crises Support Activities) project: There, a system is being designed that can be used to conduct training and large-scale exercises in the event of a cyber crisis - analogous to classic large-scale exercises in crisis and disaster management.