The Competence Center for Safe Austria (KSÖ) took place on November 6th and 7th together with the AIT Austrian Institute of Technology and the BAWAG Group that already seventh cyber simulation game. The cybersecurity exercise, which took place on state-of-the-art IT infrastructure, aimed at representatives of Austrian and international companies and authorities training in an emergency using a fictitious hybrid attack on the state, economy and society. The added value of realistic simulation games and training has been confirmed as very positive and important by the various stakeholders in many exercises in recent years (see also https://cyberrange.at/news/).
The training scenario: Hybrid attack on the banking infrastructure
In this cyber security training, the approximately 100 participants were in various roles as employees of the fictitious industrial company OptiTeq and the fictitious OeBank, each of which was the target of a massive wave of cyber attacks carried out by a criminal syndicate. In order to ward off these attacks, participants had to react accordingly to identify the threats and take appropriate countermeasures. Challenges included protecting sensitive data, defending against a ransomware attack, mitigating fake information and disinformation campaigns, and preventing financial theft. The participants were also confronted with physical attack vectors on production facilities and fake bank transactions. The aim of the training was to improve the ability to respond to complex, coordinated attacks to ensure business continuity in critical situations.
6 teams fought against hybrid cyber attacks
The KSÖ simulation game 2024 was aimed at security actors and experts from various countries (Austria, Germany, Liechtenstein and Italy) as well as from affected sectors and industries (financial sector, industry, IT service providers). Ministries from the countries mentioned as well as GOV-CERTs and CERTs were also involved. Participants were confronted with a sophisticated, hybrid cyberattack scenario to evaluate the existing security and communication measures in their organizations. Particular attention was also paid to coordination and cooperation between the individual organizations. The difficult conditions in the scenario, such as the lack of clarity about the origin of the attacks, the severity of the incident and the associated cross-sectoral effects, provided the basis for testing and subsequently evaluating the planned communication processes and coordinated procedures. Since the NIS2 guidelines and the DORA regulation apply to the participating organizations, this exercise also served as a preparation for the upcoming implementation of the guidelines for all those involved.
Training in a modern digital simulation environment
The threat scenario was implemented by AIT cybersecurity experts in the “AIT Cyber Range”. This is a flexible digital simulation environment for cybersecurity exercises. In the “AIT Cyber Range”, IT infrastructures and communication processes are simulated realistically so that the detection and defense of a wide variety of attacks can be trained. This makes it possible to train defense against cyberattacks in extreme situations and even in critical infrastructures where “real” testing in the real world is often not possible for security or cost reasons. In this way, structures and processes can be analyzed and sources of errors can be identified. The interactions between effects and actions and reactions can therefore be traced safely and transparently in order to achieve a high level of resilience.
Quotes:
Mag. Gerhard Karner, Federal Minister of the Interior:
“Close cooperation between public administration and business is particularly important when it comes to cybersecurity. I would like to thank all participants for their commitment and commitment and the KSÖ for the exemplary organization.”
Mag. Michael Höllerer, President KSÖ:
“The issue of cybersecurity must be viewed holistically and across countries and sectors. Our goal is to identify and network a wide range of stakeholders, nationally and internationally. The multi-layered exchange contributes significantly to making Austria safer and increasing the resilience of companies.”
Dr. Guido Jestädt, board member at BAWAG Group AG:
“The threat of cybercrime is constantly increasing and poses major challenges for the entire industry. The key to containing these dangers lies in national and international cooperation between banks, bank customers, telecommunications companies, the police and the legislature. This is the only way to effectively counteract cybercriminals.”
Dr. Helmut Leopold, Head of Center for Digital Safety & Security, AIT:
“We can only play a pioneering role internationally in the area of cybersecurity through close cooperation between science, companies and authorities. The most modern technologies and the highest level of expertise combined with practical experience in defending against cyber attacks through such exercises and simulation games are the basis for sustainable digital protection for our economy and society. We are proud to have taken on a leading role internationally with one of the most modern digital cyber security training platforms, the AIT Cyber Range.”
COMPETENCE CENTER SAFE AUSTRIA
Exchange of experiences, further development and addressing of new topics relating to the central area of internal security – against this background, the KSÖ has been gathering committed personalities from business, science, administration and politics at one table since 1975. Our overarching goal is to make Austria safer. One thing is clear to everyone involved: the police alone cannot guarantee the safety of everyone – more committed actors are needed! In order to achieve this, the KSÖ is constantly working to raise people’s awareness of problems in the area of security and to promote cooperation between citizens, the executive, politics, media, science and business
on the subject of security to be continually improved. In recent years, Austrians, and especially the media as opinion multipliers, have been able to raise awareness of many security issues with a whole series of initiatives.
AIT AUSTRIAN INSTITUTE OF TECHNOLOGY
The AIT Austrian Institute of Technology occupies a leading position in innovation in Austria and also plays a key role at the European level as the research and technology institution that deals with the central infrastructure issues of the future. AIT’s research and technological developments realize fundamental innovations for the next generation of infrastructure technologies in the areas of Energy, Transport Technologies, Health & Bioresources, Digital Safety & Security, Vision, Automation & Control and Technology Experience. These scientific research areas are supplemented by expertise in the area of Innovation Systems & Policy. As a national and international hub at the interface between science and industry, AIT makes innovations possible thanks to its scientific and technological expertise, experience in the markets, close customer relationships and an excellent research infrastructure.
BAWAG GROUP AG
BAWAG Group AG is the listed holding company based in Vienna, Austria and serves 2.5 million private, SME and corporate customers as well as public sector customers in Austria, Germany, Switzerland, the Netherlands, Western Europe and the USA. The group offers a wide range of savings, payment transactions, credit, leasing and investment products as well as building savings and insurance under various brands and through different sales channels. Providing simple, transparent and first-class products and services that meet customers’ needs is at the heart of their strategy in all business areas.