SANS Institute’s latest Grid NetWars competition involved 250 security pros from Ukraine

Ukraine hosts large-scale simulation of cyber-attack against energy grid

Cybersecurity professionals from across Ukraine have tackled a large-scale cyber-attack simulation with echoes of the hugely damaging real-world assault against the country’s power grid in 2015.

Comprising 250 participants, 49 teams competed – either virtually or in-person at a venue in Kiev – to accrue points in remediating an attack against a fictional energy provider after it suffered several unexplained system failures.

Across five and a half hours, security professionals from Ukraine’s public and private sectors and higher education institutions sought to ascertain the nature of a malicious network compromise before expelling the intruder and restoring systems to normal operation.


Read more of the latest critical infrastructure security news


The winning team was Kiev-based Berezha Security Group, while cybersecurity engineer Dmitry Korzhevin was the best-performing competitor participating as an individual.

The competition, which took place on December 2, was the latest Grid NetWars tournament from US infosec training body SANS Institute, with recent tournaments also taking place in Singapore, India, Japan, and Australia.

The event was also organized by Ukraine’s National Security and Defense Council, State Service of Special Communication and Information Protection, and Cybersecurity Critical Infrastructure project for the US Agency for International Development (USAID).

‘Close to reality’

“Every day 560,000 new malicious programs are detected in the world, therefore it is necessary to constantly improve qualifications and ‘pump’ the skills of cybersecurity specialists,” said Ihor Malchenyuk, head of cybersecurity regulatory assistance and institutional development at the USAID Cybersecurity for Critical Infrastructure in Ukraine project.

“Such competitions as Grid NetWars provide an opportunity to practice not only the knowledge and skills of each specialist separately but also train joint interaction,” he added. “After all, the training conditions are as close to reality as possible.”

Tim Conway, technical director of the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) programs at SANS, mentored event participants with the help of two other US-based infosec experts.

‘Practice the way they play’

“Grid NetWars is a product that has existed for a number of years and has been used in country-level exercises since its creation,” Conway told The Daily Swig.

“It has also been leveraged by practitioners around the world who attend critical infrastructure or industrial control system-specific events like the SANS ICS Summit where Grid NetWars competitions are conducted in the evenings after courses.”

The latest, Ukraine-based event had successfully enabled “participants to face real world challenges, develop skillsets, gain exposure to technical tools, and most importantly ‘practice the way they play’ through collaboration, and provided the opportunity to work together in teams just like they would in a real world incident response”, he added.

Conway helped to investigate the 2015 attack on three Ukrainian power distribution centers that left around 225,000 residents without power for up to six hours.

The country’s energy grid was struck again a year later, and Ukraine’s then president Petro Poroshenko said thousands of recent attacks against state institutions were evidence that Russian security services were waging a cyberwar against the country.


YOU MIGHT ALSO LIKE Propane distributor Superior Plus admits ransomware breach