Cyber-physical security of DTEK

20 Jul 2024 Author: Maria Ohnivchuk

Contribution to Ukraine’s energy security

Ukraine’s energy sector is facing new challenges. We could not stand aside and made another contribution to the industrial security of our long-standing client, a key Ukrainian energy company – DTEK. In particular, we conducted an intensive three-day training on the security of industrial automation and control systems and operational technology (OT) for DTEK managers and specialists. Given the importance of the event, our company assigned four trainers to ensure the quality of teaching.

The training was aimed at systematizing and updating the trainees’ theoretical knowledge, as well as strengthening their practical skills in IT and OT security. The trainees showed a rather high initial level of knowledge in this area, so we saved time on introduction and theory and focused on deepening practical knowledge and skills, and on studying cyber-physical threats, incidents and other cases at enterprises in Ukraine and other countries at war.

The training program included the study and discussion of the main concepts, methods and solutions to protect industrial networks from external and internal threats, in particular:

  • Security assessment of operational technologies. Overview of security assessment methods, including threat modeling, cyber and cyber-physical attack scenario development, exploit development and penetration testing of industrial networks.
  • Building a secure architecture. Designing the protection of hardware, software, and communication links for the various layers of the Purdue model. Proper configuration of routers, switches, and access points for secure communications.
  • Network segmentation and data diodes. Restricting access to critical resources to reduce the risk of cyber and cyber-physical attacks and to improve the controllability of network flows.
  • Network screens (firewalls). Protecting the network perimeter, blocking unwanted traffic and preventing unauthorized access.
  • Data encryption. Ensuring confidentiality and integrity of data in transmission and storage, especially for protecting sensitive information.
  • Intrusion detection systems. Timely detection of and response to unauthorized access attempts and cyber or cyber-physical attacks on the network.
  • Network traffic monitoring. Identifying anomalies and potential threats in real time for rapid incident response.
  • Vulnerabilities and methods to protect SCADA systems. Examples of cyber and cyber-physical attacks and how to prevent, detect and respond to them.
  • Security processes. Methods and tools for managing assets, configurations, changes, updates and other processes for maintaining and improving the security of industrial networks of different platforms and ecosystems.

The trainees were particularly interested in monitoring security events in industrial networks. Therefore, right in the course of the training we turned to our partners, representatives of leading vendors of solutions in this area, who quickly responded and clearly demonstrated the benefits and use cases of their solutions, complementing our training material well.

The training also covered protocol security issues of different layers of the network model:

  • Serial/Fieldbus (RS-232, RS-485, RS-422). Reliable data transmission over short distances.
  • Ethernet (EtherNet/IP). Real-time data transmission in industrial automation.
  • Wireless protocols (ZigBee, ISA100.11a, Bluetooth). Low-power wireless networks for automation and control systems.
  • Internet Protocols (HTTP, MQTT). Data transfer in industrial automation, communication between devices and systems.
  • Hybrid protocols (CIP, BACnet, KNX). Building automation, the interaction between control and monitoring systems.

Finally, we looked at current security models and concepts in IT and OT:

  • A multi-layered approach to cybersecurity and cyber-physical security. Defense-in-Depth and other similar concepts were reviewed.
  • Zero Trust authentication principles and models. Methods and examples of realizing such a concept in practice were considered.
  • Risk identification, analysis and management. Various risk assessment models for effective risk management were covered.

Our IT and OT security trainings cover a wide range of topics and additional modules beyond those listed above.

We offer a flexible training program tailored to your organization’s needs.

We offer a free preliminary consultation with our experts to develop the optimal training program.

Gain from us the unique experience of protecting industrial control systems, earned and enriched in the largest cyber war of all time.
