What happens in a control room during a cybersecurity attack?: Preliminary observations from a pilot study

Abstract

Cyberattacks on the critical infrastructure is a growing concern for businesses, national authorities and public in general. The increasing complexity and connectivity of the critical infrastructure systems have made them susceptible to cyberattacks. The traditional notion of safety systems being isolated is no longer applicable, as we have seen ample examples on how these systems can be exploited through gaps in e.g. supply chain, physical security, insiders. This places greater importance on how the staff belonging to owners and operators of these critical infrastructure, e.g. operators, IT/security personnel, system engineers, management, are prepared to handle cyberattacks. This paper presents our ongoing research on investigating the preparedness of organisations to handle cybersecurity incidents and providing holistic solutions to improve cybersecurity posture. We present one experiment that has been conducted using our cybersecurity centre and man-machine laboratory to study how operators and security team of a power plant will handle a cyberattack. We highlight the main observations made through this experiment.