For the first time in Russia, international cyber exercises were held on preventing emergencies caused by hacker attacks. Representatives of six countries took part in the large-scale exercise: Russia, Belarus, Kazakhstan, Azerbaijan, Pakistan and Vietnam. Representatives of the RTK-solar company reported this to CNews.
The event was held as part of the St. Petersburg International Economic Forum on the platform of the National Cyber Testing Ground, which was provided by the RTK-solar company for conducting cyber exercises. The exercises were conducted jointly with the Ministry of Digital Development, Communications and Mass Media of Russia with the support of the Office of the Security Council of Russia.
The event was aimed at coordinating efforts to combat hackers at the global level and at practicing the exchange of information between participating countries about attacks carried out from the infrastructure of another state. For the international cyber exercises, specialists from the National Cyber Testing Ground deployed a digital twin of an energy facility's infrastructure and developed automated attack scenarios that replicated the actions of real attackers, recorded since the beginning of the special operation and directed at various Russian organizations. The participants practiced working together to counter highly professional hacker groups that seek to destabilize the socio-economic situation through attacks that lead to an emergency.
During the cyber exercise, the participants were divided into teams and had to work together to protect the infrastructure segments allocated to them from a series of destructive cyber attacks whose purpose was to cause a large-scale blackout. According to the exercise scenario, a hacker group carried out a series of coordinated attacks on a large electric power facility.
According to the terms of the exercise, by the time the teams began work, several significant incidents had already occurred, as a result of which the infrastructure of the energy facility was infected with malicious software. The attackers continued their attacks to spread a computer virus in order to gain full control over the targeted facility. Participants were required to investigate the incidents, clear the infrastructure of malicious activity, prevent re-infection, and restore damaged files. To investigate the attacks, the teams used a number of domestic cybersecurity tools, including Kaspersky Unified Monitoring and Analysis Platform (KUMA) for centralized event collection and correlation, the R-Vision SOAR platform for security orchestration, automation and incident response, the R-Vision TIP threat intelligence analysis platform, and others.
“Participants in international cyber exercises practiced countering attacks on life support systems, the successful implementation of which in real life threatens serious consequences for the attacked states. Therefore, it is very important to train together to identify them at an early stage and to have an ongoing dialogue at the global level. Based on the results of the past cyber exercises, we managed to form a serious groundwork in this direction, which will help the participating countries to act in a coordinated manner in the event of similar threats in practice,” said the CEO of RTK-solar Igor Lyapunov.
Since the cyberattacks hit each of the infrastructure segments at different times, the teams needed to exchange information about their incident investigations. A special technical unit, the Center for Response to Computer Incidents, coordinated the teams' actions. It was represented by experts from the National Coordination Center for Computer Incidents (NCCC) and cybersecurity specialists from the RTK-solar company. The center aggregated team reports, monitored the progress of incident investigations, and periodically informed participants about threats and recommended measures to counter cyberattacks. The response center was located at the Prof. M. A. Bonch-Bruevich St. Petersburg State University of Telecommunications, which acted as a partner of the cyber exercises.
RTK-solar is a provider of services and technologies for the protection of information assets, targeted monitoring and information security management. The company’s technologies are based on the understanding that real information security is possible only with continuous monitoring and convenient management of information security systems. This principle is implemented in the products and services of the company.