The inaugural Critical Infrastructure Defence Exercise (CIDeX) was organised by the Digital and Intelligence Service (DIS) and supported by the Cyber Security Agency of Singapore (CSA), iTrust/SUTD, and the National Cybersecurity R&D Laboratory (NCL).
It is the largest OT hands-on-keyboard Critical Infrastructure defence exercise. It provides a platform for Singapore’s cyber defenders to train together the defence of Critical Information Infrastructure (CII).
This cyber defence exercise saw the Blue team (members of various national agencies) defending against the Red team (DIS and CSA personnel) in different potential scenarios. These included simulated attacks on critical country infrastructure, such as the poisoning of a water treatment plant and major water and power supply disruptions.
With a better insight into how the CII – comprising IT and OT networks – can suffer from cyberattacks and their adverse consequences, the blue teams can distil these lessons and tailor them to augment their respective organisations’ cyber defence and protection strategies.
CIDeX 2022’s platform has three OT testbeds contributed by iTrust — the Secure Water Treatment (SWaT), Water Distribution (WaDi) and Electric Power and Intelligent Control (EPIC) OT testbeds, integrated with an Enterprise IT network of VMs hosted within NCL.
Over 50 cyber defenders from 17 organisations representing five critical sectors — power, water, telecommunication, land transport and maritime — formed five combined blue teams to monitor and defend the CII systems over two days.
A composite red team will launch a series of live simulated cyber attacks on these systems over two days, while the five blue teams will work in concert to detect and respond against the attacks.
The event was a success and helped participants sharpen their technical competencies and improve their cyber-attack defence readiness.
Preparations:
It was an intensive 9 months of preparation by MINDEF, NCL and ST to prepare the location design the attack scenarios of what could really happened to an attack to the CII (Critical Information Infrastructure) in Singapore and to prepare the cyber defenders in terms of skillset.
Being a white Team
CyberXCenter CEO participated as the white team, to help coorindate the event, understandng the attack, propose scenarios, and toe respond to the forensic query real time to the participants. Participants includes regulators, CIIs engineers and also the MINDEF team as the lead of the programme:
Some of the links
Comments