What goes on in Poland on the 13th of February.
Sordyl: Polish Grid Exercise is a new quality of cybersecurity in the energy sector
Employees of Polskie Sieci Elektroenergetyczne and other companies from the energy sector were the first in Europe to participate in the PolEx training, based on the American original – GridEx workshops. Thanks to this, they gained unique skills that they could immediately test during simulated attacks. The training took place in November 2018, and CERT PSE is already planning the next edition in 2020. In turn, a conference for cybersecurity experts in the energy sector will take place this year – writes Jarosław Sordyl, deputy director of the teleinformatics department for cyber security, head of the PSE CERT.
GridEx is a biannual comprehensive training in the area of cyber security and physical security, covering, among others, tests of procedures and ways of responding to situations that can be encountered on a daily basis while performing tasks in such organizational units as the Computer Emergency Response Team or the Security Operation Center. This is the most advanced training of its kind in the world, and so far it has never taken place outside the United States. GridEx was established in 2011 as a training concept for the US industry. Its basic assumption is the ability to verify incident response plans, cooperation between private and public organizations, as well as the involvement of managers who, under simulation conditions, can check how to manage in special situations. 6,500 people from 450 organizations took part in the last edition of GridEx in 2019.
Theory and practice
It was the experiences from GridEx training that formed the basis for creating the PolEx program. The staff of people preparing individual simulations for the training participants took care of the current examples on the basis of which one can improve their skills. PSE established cooperation with the organizers of the GridEx training, who agreed to conduct training for Polish specialists. Preparations under which a three-day training program was developed, lasted a year. In addition to exercises based on GridEx, CyberStrike Cybersecurity Cyber Security training organized by the Idaho National Laboratory and “NetWars Network Wars” organized by the SANS Institute were also introduced.
The trainings involved combining the participation of over 400 people from the power sector, as well as from organizations with which CERT PSE cooperates on a daily basis, including CERTs and international organizations, e.g. European Energy Information Sharing & Analysis Center. Most of the participants deal with IT and cyber security on a daily basis. A small part of people involved in the training has to do with industrial cyber security, i.e. operational technology (OT) or industrial control systems (ICS). During three days, over 180 people participated in exercises and simulations, as well as laboratory classes. Participants had the opportunity to learn about the cyber security issues of IT environments and OT not only in theory, but also to become familiar with the practice of detecting and responding to attacks on ICS infrastructure.