Kaspersky Lab recently took part in the Industrial Control Systems Cyber Security Conference in Atlanta, where the company’s experts spoke about the current threat landscape facing large enterprises and government organizations. Kaspersky Lab also presented a role-play game with a serious message to highlight the importance of improving interaction between top managers in mission-critical industries.
One of the main problems when it comes to securing critical infrastructure objects is cyber sabotage – malicious campaigns organized to disrupt the work of production facilities, transport, power generation and other important industrial sectors.
During the conference Roel Schouwenberg, Principal Security Researcher at Kaspersky Lab, presented an analysis of the main trends uncovered by the company’s latest research into the key threats facing critical industries. The company’s work on developing defenses against cyber sabotage campaigns which target key real-world infrastructure also inspired the Kaspersky Industrial Protection Simulation.
The Kaspersky Industrial Protection Simulation role-playing game, introduced to the conference participants in Atlanta, is a step-by-step exercise in strategic planning. Teams are placed in charge of a simulated infrastructure object – in this case a water treatment plant – and must maintain reliable and uninterrupted operation in the face of regular cyber security alerts. The ultimate goal of the game is to ensure the working efficiency and profitability of the enterprise.
"We developed this game because we see a problem: in most enterprises there is a lack of understanding among senior officials. The director does not grasp why spending on cyber security is a positive investment in the company’s profitability; the security manager is unable to apply security policies because the chief engineer is concerned that these protective measures might disrupt working processes. These various misunderstandings, in our opinion, form one of the biggest problems in protecting critical infrastructure against cyber-attacks,” said Vyacheslav Borilin, a Kaspersky Lab expert specializing in critical infrastructure protection.
The game gives participants a detailed insight into a targeted attack on an industrial object, helps them evaluate the potential consequences, and highlights measures that can be taken to prevent similar incidents.
The scenarios involved draw on real-life examples. Kaspersky Lab specialists produced an exact copy of a real water purification station, and recreated genuine attack scenarios. The developers tried to consider all possible attack vectors – from an attack on the water company’s headquarters to a targeted attack on the plant’s computers and infection of the programmable logic controller (PLC) – with the aim of infecting local systems that automate industrial operations.
Over 60 specialists from various industries took part in the business game held at the Industrial Control Systems Cyber Security Conference.
“All the participants independently came to the conclusion that industrial automated systems require well-thought-out, uninterrupted protection for their information networks. Namely this was the main goal of the game,” commented Andrey Dukhvalov, Head of Future Technologies at Kaspersky Lab.
To learn more about Kaspersky Lab initiatives in the sphere of critical infrastructure protection visit the dedicated page on the company’s official website.
The Industrial Control Systems Cyber Security Conference has been held regularly since 2000 to discuss issues around the cyber security of critical infrastructure facilities. This year’s edition took place in Atlanta from October 21-24.
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company’s research and development department has a staff of about one thousand people, which allows Kaspersky Lab to develop cutting-edge technology capable of combating all types of malware. Many of Kaspersky Lab’s new technologies are unique to the industry and are highly effective at countering the most sophisticated threats.