US utilities Consumers Energy and DTE Energy revealed this week that they held a real-world cyber security simulation earlier this month as a replacement for a traditional table-top exercise.
Facilitated by cyber security company Michigan Cyber Range, the exercise, called Power Phoenix, took place on October 15 and was intended as a training operation to test incident response skills.
The simulation also helped fulfil annual compliance requirements for the two public energy companies.
John Townsend, manager of Information Protection & Security at DTE Energy, said: “We would normally use a table-top exercise for our training. For the technical people, this exercise is very valuable, to deal with injects using the tools that we would use in a real incident.”
How the simulation worked
Consumers Energy and DTE Energy participated in identical exercise environments, called Betatown and Gammaburg, based on locations in the Cyber Range’s Alphaville, said Michigan Cyber Range in a statement.
Created by the Michigan Cyber Range, Alphaville is a virtual training environment designed for testing cyber security skills.
Power Phoenix took place within the Alphaville Power & Electric Company.
This virtual power company demonstrates the protocols and security challenges involved in securing a SCADA environment. SCADA (supervisory control and data acquisition) is a computer system for gathering and analyzing real-time data, typically used to monitor plants or equipment in the energy industry.
The scenario for Power Phoenix began with a malware-compromised network.
The firewall logs showed attempts to connect outside of the SCADA environment. The incident response teams and IT security managers from Consumers Energy and DTE Energy located the anomalous activity, mitigated the attack vector and worked to resolve the breach.
Forensic team members performed an in-depth analysis of the activity.
Joe Adams, director of the Michigan Cyber Range, conducted an after-action review immediately following the Power Phoenix exercise.
The participants spoke about how they approached the challenge, what they learned, and ways to improve communication and documentation in current systems to enhance response procedures.