Our firm recently partnered with the University of Southern Maine Department of Engineering faculty and students to develop and execute an interactive substation cybersecurity demonstration, during which participants experienced real-time attack scenarios. Throughout the semester, a dual testing/training lab environment was established to explore potential cyberattacks against power grid transmission systems.

Ultimately, several potential attack scenarios were developed and presented as part of a live demonstration that took place on April 26, 2018, at the Maine Cyber Security Cluster in Portland. The scenarios covered real-world threat vectors, including watering hole, spear phishing and ransomware attacks. They were executed in real time, with both the attacker's and the target's points of view shown across multiple screens. Frequent breakouts were held to explain each scenario and to discuss ways to better guard against each step of the attack process.

This demonstration was intended to help compliance, physical/cybersecurity and IT professionals and project managers actively identify ways to improve their processes and environments from an attacker's perspective. During this presentation, attendees experienced real-time attack scenarios demonstrated in a secure development environment, and learned how their existing systems, methods and procedures may be vulnerable to attacks in ways they may not have previously considered.

Here are three key takeaways from the program to keep in mind when considering secure practices:

  1. Be careful what information you share on social media, because details you might not expect to be usable could facilitate an attack.
  2. In general, processes can be weaker during construction and commissioning phases, creating an opportunity for an attacker to exploit. Be diligent during these project phases.
  3. Be careful with email links or attachments, even from trusted sources, and always be cautious before opening them.

By John Biasi

John Biasi is a solution architect in the Governance, Risk, Cybersecurity and Compliance Group at Burns & McDonnell. He is also an adjunct professor at the Oklahoma State University Institute of Technology. His primary focus is on protecting critical infrastructure by focusing on risk management in the context of cybersecurity and regulatory compliance. He has extensive experience directing a broad range of IT security initiatives in planning, analysis and implementation of solutions, and he has hands-on experience leading all aspects of network design on high-profile projects. He is an active participant in the NERC Security Integration and Technology Enablement Subcommittee (SITES), Smart Electric Power Alliance (SEPA) and the Utilities Technology Council (UTC), focusing on grid modernization cybersecurity and compliance. John has a bachelor's degree in information technology and a Master of Business Administration in cybersecurity management from Excelsior University.