On 13 and 14 November, the Competence Centre for a Secure Austria (KSÖ) organised the sixth cyber simulation game together with the AIT Austrian Institute of Technology and the House of Digitalisation. The cyber security exercise, which took place on state-of-the-art IT infrastructure, aimed to train representatives of Austrian companies and authorities in the event of an emergency using a fictitious cyber attack on the state, economy and society. The added value of such realistic simulation games and training sessions has already been confirmed by stakeholders in recent years as very positive and important.
The exercise scenario: Attack on the supply infrastructure of the Austrian economy and the important dependencies of the supply chains
With the aim of permanently disrupting supply chains in Austria and damaging Austrian society and thus the economy, sophisticated malware was installed by attackers in various software components over a longer period of time and simultaneously in several important industrial sectors (industry, chemicals, transport, logistics, food and information and communication technology). For example, email clients, ERP systems and electronic banking applications as well as various software backup systems were infiltrated unnoticed with malware.
Five teams fought against massive cyber attacks
The KSÖ simulation game 2023 addressed security actors and experts from IT departments, representatives of public authorities and stakeholders from affected sectors. The players were confronted with a sophisticated cyberattack scenario in order to evaluate the existing security and communication measures implemented in the players' organisations.
In addition, special attention was paid to coordination and cooperation between the individual organisations in the simulation. The planned communication processes and coordinated procedures were rehearsed and subsequently evaluated under the difficult conditions that apply in the scenario (lack of clarity about the origin of the attacks, severity of the incident, cross-sectoral effects). The organisations participating in the exercise are all affected by the NIS2 Act, so this exercise is also a preparation for the upcoming implementation of the NIS2 Directive for all participants.
Training in one of the most modern digital simulation environments
The threat scenario was realised by AIT experts in the "AIT Cyber Range". This is a flexible digital simulation environment for cyber security exercises. In the "AIT Cyber Range", IT infrastructures and communication processes are simulated realistically, allowing the detection and defence against a wide range of attacks to be trained. This makes it possible to train the defence against cyber attacks in extreme situations and even in critical infrastructures, where "real" tests in the real world are often not possible for security or cost reasons. In this way, structures and processes can be analysed and sources of error identified. The interactions of effects and actions as well as reactions can thus be reliably and transparently understood in order to achieve a high level of resilience.
Quotes:
Mag. Gerhard Karner, Bundesminister für Inneres
„Ich bin dem KSÖ dankbar, dass dieses Planspiel mit dem AIT und dem Haus der Digitalisierung organisiert wurde – ein langjähriges Format des KSÖ, um 'Trockentraining' zu Themen wie Cybersicherheit und Cyberkriminalität zu absolvieren.“
Mag. Karl Schlögl, Vizepräsident KSÖ
„Wir leben in einer Zeit der digitalen Revolution. Cyberangriffe sind kein abstraktes Thema mehr. Ob EPU, KMU oder Konzern, jede Unternehmensgröße ist betroffen oder wird betroffen sein. Das KSÖ trägt mit dem diesjährigen Cyber-Planspiel einen wichtigen Teil zu Cyberresilienz von Österreich bei.“
Dr. Helmut Leopold, Head of Center for Digital Safety & Security, AIT:
„Eine hohe Cyber Sicherheit verlangt nach validierten und erprobten Schutzkonzepten und -technologien sowie nach höchst effektivsten Prozessen im Umgang mit Cyberangriffen. Aber nur durch praktische Übungen und gemachten Erfahrungen bei der Verteidigung von Cyberangriffen kann eine wirksame Resilienz unserer digitalen Systeme erreicht werden. Dies nur durch eine enge Zusammenarbeit von Unternehmen, Wissenschaft und Behörden.“
Bernhard Heinreichsberger, MA, Abgeordneter zum NÖ Landtag:
„Das Haus der Digitalisierung ist ein Herzensprojekt der Landeshauptfrau, welches die verschiedensten digitalen Stakeholder zusammenbringt. Ich als Landtagsabgeordneter bin stolz, dass heute hier in Tulln so viele Personen zusammentreffen. Ich hoffe, dass das Haus der Digitalisierung auch in Zukunft so intensiv genutzt wird.“