Cybersecurity Training for Utilties |

Cybersecurity Training for Utilties

With growing concerns on securing critical infrastructure from cyber-attacks, Frakes Engineering joined 15 public and private sector organizations...

Recently we participated in a very unique exercise that was a government, public, private partnership of 15 entities. By utilizing the Muscatatuck Urban Training Center, a live, reality based training exercise was stood up for municipalities to bring their operators and superintendents to and experience first-hand what it’s like to operate a functional water plant while it is being hacked.

The center, which runs “complex” operational training exercises for the Department of Homeland Security, the military, civilian emergency responders and such is a 1,00-acre self-contained town with its own hospital, schools, and most importantly to us, a fully functioning water treatment plant. The treatment plant was taken off line last year, providing us the perfect opportunity to conduct a very unique exercise. A SCADA system was put together that represents a typical small water system control system consisting of two PLC’s controlling a surface water treatment plant equipped with two high service pumps and chemical feed systems. Each team was briefed on the characteristics of the water system and trained on the SCADA system. Once the system was being operated by the exercise participants, a “red team” of hackers attacked the system in many of the ways described in this article.

The operators were exposed to several attacks where they lost control of their plant and distribution systems. Once they determined that what they were seeing on their SCADA system was not in fact reality they then were exercised on how to respond and take manual control, who to notify they were the victims of a cyberattack and how to get their system secured and operational again, while not destroying forensic evidence that the State Police and the FBI would be able to use to track down the perpetrator.