The ENCS Red Team – Blue Team training teaches anyone working with ICS or smart grids the essentials of cyber security. The training:
- Raises awareness of ICS cyber security risks
- Provides an overview of defensive measures
- Teaches how to detect attacks and respond to them
The training lets participants practice with a cyber attack on a grid operator's Operational Technology (OT) systems. In a full-day exercise, the IT and OT infrastructures of a grid operator are simulated, including a SCADA system and multiple substations. The Blue team is tasked with protecting the infrastructure, while the Red team tries to hack it. In this way, attackers can learn how to prevent and detect advanced attacks on OT systems.
ENCS is offering the training as an in-house event for 20 to 30 participants. The training works best if the group contains participants with different roles:
- IT specialists, including system administrators and security officers
- OT specialists, including SCADA and substation engineers
- Managers with a responsibility for OT security
One of the key training benefits is improving the communication between these groups.
The training teaches participants to:
- Understand the risks of cyber-attacks on OT systems
- Understand what measures should be taken to prevent cyber-attacks
- Know how to detect and respond to cyber-attacks
Putting employees who are usually responsible for defense in the position of an attacker gives them new insights into how cyber-attacks can happen, and what they can do to prevent or respond to them.
Experiencing a cyber-attack with a group of employees responsible for OT cyber-security also improves communication on security.
Red team-Blue team training program
The training will have a three-day schedule. The training days are divided into the following halves:
- During the first half, security specialists from ENCS use theory and hands-on sessions to teach the participants about the cyber security risks of Operational Technology (OT) systems, and how these risks can be mitigated.
- During the second half, the participants will experience a realistic cyber-attack in the Red team – Blue team exercise.