The Estonian-founded, Amsterdam-based software security company, Guardtime, has planned and executed a custom cyber exercise for the UK civil nuclear sector.
The exercise was run on the Estonian Defence Forces’ cyber range, complemented with actual industrial control systems simulating a nuclear power plant, the company said in a statement.
“Live cyber attacks were conducted against these systems to provide the participants with an opportunity to exercise perishable cyber defence skills, analytical thinking to characterise an ongoing cyber-attack, achieving situational awareness, and communicating with senior management,” the company said.
Developed with support from the Institute for Security and Safety at the Brandenburg University of Applied Sciences and the UK National Cyber Security Centre, the scenario included elements of both cyber and physical security. Guardtime assembled a multi-national team of experts to deliver the cyber-attacks, EclecticIQ provided a cyber threat intelligence sharing platform, and Defendec provided perimeter surveillance cameras.
“Our approach is to work with world-class partners to develop a highly-customized experience,” Guardtime’s head of cyber operations, Luc Dandurand, said in a statement. “Each sector has its own approach to cybersecurity and its own specific risks. A successful exercise requires drawing on the sector’s leading experts and adapting to its specific perspective to deliver the right tempo against a realistic, engaging background scenario.”
A report by the Chatham House in 2015 said that the risk of a serious cyber attack on civil nuclear infrastructure is growing, as facilities become ever more reliant on digital systems and make increasing use of commercial “off-the-shelf” software. The report found that the trend to digitisation, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realise the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks.
Guardtime is an Estonian-founded, Amsterdam-based software security company, founded in 2007.
Cover: A nuclear power station in the UK (the image is illustrative).