Cyber-Defence Campus: Successful crisis simulation strengthens cybersecurity capabilities in Switzerland
In response to the increasing complexity of cyber security at the national level, the Cyber-Defence Campus, armasuisse S+T, was commissioned with the pilot project «Cyber Training @ Cyber-Defence Campus». The pilot project was launched in connection with the National Cyber Strategy (NCS) of the Federal Council. The aim of the project is to bring together various organizations of national importance as a community and to provide them with a well-founded range of cyber training courses. These exercises are primarily aimed at cantonal and federal authorities, police units and critical infrastructures and are designed in close cooperation with the National Cyber Security Centre (NCSC). Synergies with industry and the Swiss Armed Forces Cyber Training Range are also utilized.
Andrea Thäler, Cybersecurity and Data Science, armasuisse Science and Technology
With the new «Cyber Training @ Cyber-Defence Campus» project, Swiss authorities and critical infrastructure can complete cyber trainings. This enables them to reflect on their own cyber activities, recognize potential vulnerabilities and identify ways to close them.
On Thursday, May 16, 2024, the «Cyber-Defence Campus, Cyber Crisis Simulation» took place at the Cyber-Defence Campus in Zurich. This all-day event was attended by 20 participants from critical infrastructures, police units, cantonal and federal authorities and their service providers. The simulation was supported throughout by Cyber-Defense Campus employees and two militia officers from the Cyber Command of the Swiss Armed Forces.
The event began with a speech by Dr. Vincent Lenders, Head of the Cyber-Defense Campus, and an overview by Cédric Aeschlimann, Scientific Project Manager at the Cyber-Defense Campus, who explained the objectives of the exercise. The participants were then divided into four groups, each of which was supervised by the organizers and available for questions and support.
Cyber Crisis Simulation
During the simulation, participants were confronted with a fictitious scenario: The Zurich Energy Company, a fictitious company responsible for supplying energy to the city of Zurich and wholly owned by the canton and the city, had to deal with a crisis. The company operates power plants, dams, and wind farms, and also manages the power lines to customers. Since there were no pre-existing crisis management guidelines, the participants had to develop them during the exercise. The company's crisis team consisted of five departments: Customer Relations, Electricity Production, Network Management, Public Relations and IT.
In this fictional scenario, the number of reported cyber incidents increased in 2023, particularly fraudulent emails, phishing and ransomware attacks. Attacks on industrial control systems and operational technologies pose the greatest threat to energy companies.
Participants received various events, known as injects, to which they had to respond. These injects came in the form of emails from fictitious people inside and outside the organization, as well as media representatives. Participants had to decide which injects to respond to, create and implement a communications plan, and develop a continuity plan to manage the crisis. Over the course of the exercise, participants were required to submit the following deliverables:
- Situation assessment
- Communication plan and summary of actions taken (twice a day)
- Business continuity plan
Cyber-Defence Campus coaches and tools such as templates were available throughout the day to provide advice, support, and guidance to participants working together in groups.
Lessons learned
At the end of the day, a joint after-action report and debriefing took place. All participants came together to reflect on the day and give feedback. The feedback was overwhelmingly positive. Many participants emphasized that the exercise had made it clear to them where their organizations have gaps and what needs to be improved internally. They also mentioned the importance of regular practice in such situations.
The templates used during the exercise were particularly positively highlighted, as well as the opportunity to identify missing knowledge and understand what needs to be worked on. The participants also praised the diverse composition of the working groups, the realistic scenarios, and the injects. Additionally, it was noted that teamwork is of significant value and that it is crucial to understand the necessity of communicating with specific individuals at specific times.
From the perspective of the militia officers from the Cyber Command of the Swiss Armed Forces, it was determined that a precise structure and division of tasks are essential. In crisis situations, it is crucial that no assumptions are made. It must also be ensured that one person is responsible for documenting the situation. The most significant findings from the exercise were summarized as follows:
- Regular practice is essential «exercise, exercise, exercise.»
- Everyone in the organization should know their own strengths, weaknesses and resources,
- and it is important to know the right people for support.
The Crisis Communication Guidelines and the Crisis Management Guidelines of the Swiss Armed Forces were made available to the participants during the exercise. These support materials were found to be beneficial. The Crisis Communication Guidelines of the Swiss Armed Forces included clear and precise communication during a crisis, the definition of communication channels and routes, as well as the assignment of responsibilities for communication.
The «Cyber-Defence Campus, Cyber Crisis Simulation» event was a great success. Participants were able to gain valuable experience and important insights into how they can improve their internal processes. The positive feedback and lessons learned emphasize the importance of such exercises for strengthening cyber security capabilities in industry and critical infrastructures.
Special thanks go to the employees of the FOCS and the Swiss Armed Forces, who were actively involved in the preparation and organization of this event