QinetiQ and strategic partner Inzpire, working in partnership with the National Cyber Security Centre (NCSC) and the Department for Business, Energy and Industrial Strategy (BEIS) have completed the first ever series of U.K. sector-wide, cyber resilience exercises for the U.K.’s Critical National Infrastructure (CNI) Electrical Distribution organizations.
Cyber-attacks on individuals, commercial organizations, CNI and Government departments are increasingly common and constantly evolving, impacting on reputation, safety and share price. Future generations of board level executives, operational managers and technical engineers must be equipped with the knowledge, skills and confidence in cyber capabilities to maximise the opportunities that cyberspace creates and ensure resilience against the potential threats.
Cyber Security needs to form part of ‘business as usual’ activities, requiring education, training, operational planning & preparation and consideration throughout a capability or service lifecycle. Only then will an organization be able to increase the awareness, skills and knowledge of operations within cyberspace and better understand how to plan and respond to threats, and to synchronise operations in both the physical space and cyber domains.
QinetiQ has been the Lead Exercise Integrator in a series of sector wide cyber resilience exercises for the U.K.’s electricity sector. QinetiQ, working in partnership with BEIS, NCSC and Inzpire, has facilitated a series of exercises collectively known as “PowerPlay”. PowerPlay was specially designed and executed to prepare and equip the electricity sector’s engineering, operational and executive teams with the knowledge, skills and confidence in their processes and technologies to maximise the opportunities that cyberspace creates whilst ensuring resilience against the cyber threat.
The three exercises, started with an operational / command & control focused exercise to understand the role of individual organizations and how communications and decisions are made within the context of a much larger, coordinated sector wide incident. Following this was a live-exercise focused on the 3rd party supply chain (without knowledge that they were being exercised) to examine how they would analyze and fuse multiple cyber-incidents to create common situational awareness and coordinate incident response. The exercise series culminated in a large, distributed exercise involving over 170 participants at 13 different locations across the U.K. and overseas. A complex set of inter-connected events played out based on attacks varying from spearphishing to more specialist attacks on both IT and Operational Technology networks.
Dr Richard Randel, Principal System Engineer Cyber, Information and Training at QinetiQ said: “The exercise demonstrates how QinetiQ can work with Government partners and the CNI sector, bringing together our capabilities and experience, to increase the resilience of the U.K. and recognise the importance of exercising as a means to assure operations.“
A participant said: “It provided us with a greater awareness of the cyber threats within the sector and how all business functions need to work together to respond to a cyber-incident.”