ANN ARBOR, MI – The Michigan Cyber Range, powered by Merit Network, held a cyber security exercise for Consumers Energy and DTE Energy on Wednesday, October 15, 2014. The exercise, called Power Phoenix, was a training operation for testing incident response skills. Representatives from Consumers Energy, DTE Energy and the Michigan State Police worked closely with Cyber Range staff to create the exercise.
Replacing a traditional table-top exercise, Power Phoenix helped fulfill annual compliance requirements for both Consumers Energy and DTE Energy. “We are always looking for ways to practice our incident response plans and skills. This event allowed us to do so in safe environment with a realistic incident.” said Jim Beechey, Director of Cyber Security for Consumers Energy.
Consumers Energy and DTE Energy participated in identical exercise environments, called Betatown and Gammaburg, based on locations in the Cyber Range’s Alphaville. Created by the Michigan Cyber Range, Alphaville is a virtual training environment designed for testing cyber security skills.
Alphaville contains five locations, each representing a different security level. Power Phoenix took place within the Alphaville Power & Electric Company. This virtual power company demonstrates the protocols and security challenges required to secure a SCADA environment. SCADA, supervisory control and data acquisition, is a computer system for gathering and analyzing real-time data, a system typically used to monitor plants or equipment in the energy industry. “We would normally use a table-top exercise for our training. For the technical people, this exercise is very valuable, to deal with injects using the tools that we would use in a real incident,” said John Townsend, Manager of Information Protection & Security at DTE Energy.
The scenario for Power Phoenix began with a malware-compromised network. The firewall logs showed attempts to connect outside of the SCADA environment. The incident response teams and IT security managers from Consumers Energy and DTE Energy located the anomalous activity, mitigated the attack vector and worked to resolve the breach. Forensic team members performed an in-depth analysis of the activity.
Joe Adams, director of the Michigan Cyber Range, conducted an after action review immediately following the Power Phoenix exercise. The participants spoke about how they approached the challenge, what they learned, and ways to improve communication and documentation in current systems to enhance response procedures.
About Michigan Cyber Range
The Michigan Cyber Range prepares cybersecurity professionals to detect, prevent and mitigate cyber-attacks in a real-world setting. Like a test track or a firing range, the Michigan Cyber Range enables individuals and organizations to conduct “live fire” exercises: simulations that test the detection and reaction skills of participants in a variety of situations. The Michigan Cyber Range also offers certification courses for a number of cybersecurity disciplines, with instruction available on-site and live online. A full training schedule may be found at the Merit Michigan Cyber Range web site: www.merit.edu/cyberrange/.
The Michigan Cyber Range is hosted and facilitated by Merit Network in partnership with the State of Michigan and with the sponsorship of DTE Energy.
About Merit Network
Merit Network Inc., is a nonprofit corporation owned and governed by Michigan’s public universities. Merit owns and operates America’s longest-running regional research and education network. In 1966, Michigan’s public universities created Merit as a shared resource to help meet their common need for networking assistance. Since its formation, Merit Network has remained at the forefront of research and education networking expertise and services. Merit provides high-performance networking and IT solutions to Michigan’s public universities, colleges, K-12 organizations, libraries, state government, healthcare, and other non-profit organizations.
For more information: www.merit.edu[meritmediacontact]