Since 2020, when SA Power Networks became one of our first customers, they have worked hard to improve their cyber security incident response capability. Throughout 2023 and into 2024, they have continued to demonstrate their steadfast approach to enhancing their cyber resilience – running more internal exercises, and increasing their scale and complexity.
Their very capable Cyber Team (led by Nathan Morelli, Head of Cyber Security and IT Resilience) have worked closely with us over the past several years to run a variety of exercises, always aimed at uplifting their Incident Response and Disaster Recovery capability. Their strategy has been focused on targeting and improving both their technical response ability and fostering close working relationships amongst various teams and their wider business groups, who might be engaged to help out during an incident or in the recovery.
SA Power Networks’ ability to routinely conduct training was enabled by Gauntlet, Retrospect Labs’ cyber exercise platform. They have been using Gauntlet for a few years now, and it's been key to establishing a solid foundation for skill and capability development within the Cyber Team.
SA Power Networks’ Cyber Initiatives in 2023
This past year, SA Power Networks has actively engaged multiple internal teams in several exercises designed by Retrospect Labs, using scenarios ranging from data breaches through to destructive attacks. The exercises, crafted to assess and fine-tune the cyber team's readiness, also incorporated participation from other teams such as IT Operations, Corporate Communications, and Legal (just to name a few!).
Exercise Highlights of 2023
Not wanting to give their whole exercising game away, here's a summary of some of the exercises they ran in 2023:
- Corporate Comms Data Breach Incident: A tabletop exercise focusing on corporate communication in the wake of a data breach.
- Servers Team Destructive Attack: Testing technical response and recovery abilities after the domain controllers were targeted.
- Compromise of an MSP: For the CyberOps team, echoing real-world attack tactics akin to the CloudHopper campaign.
- Third Party Compromise and Data Theft: Dealing with a third-party compromise and its impact on customer records.
- Networks Team IT Resilience Exercise: An exercise simulating an incident in which the corporate firewall was compromised and maliciously altered.
Learning Outcomes
SA Power Networks’ cyber team came out on the other side of these exercises with strengthened capabilities and a refined ability to collaborate better as a team, and with other teams. Recognition of strengths and identification of areas for improvement were an outcome of every exercise, and the team have a number of projects underway to remediate any issues found. Nothing is ever perfect, and this is why exercising is so important. Continually iterating, improving, and refining.
Notably, the team's competitive edge was highlighted by a win in a cybersecurity incident response competition! This challenge was built in the format of a cyber security exercise and required the participants to not only focus on the technical aspects of their response, but also manage the wider aspects typically involved in incident response, such as managing the media, considering legal and privacy obligations, as well as briefing various different stakeholders.
Advancing With Gauntlet into 2024
Continuing to use Gauntlet throughout 2024, SA Power Networks’ cyber team intend to maintain an aggressive approach to skill enhancement, risk mitigation, and incident readiness. They'll be regularly participating in Gauntlet's realistic exercises, allowing them to rapidly adapt and to be agile in their response to real cyber incidents.
Advantages of Regular Exercising
Apart from the obvious, their goals when it comes to undertaking exercises regularly through Gauntlet include:
- Risk Mitigation: Identifying and addressing gaps continually, reducing the likelihood of an incident turning into a disaster.
- Incident Readiness: Preparedness to take considered and informed action swiftly in real-world scenarios.
- Integration Across Departments: Ensuring cohesive and comprehensive organisational responses to any cyber incident.
- Continuous Skill Development: Remaining informed, aware of, and comfortable with new defensive techniques and how to respond to them.
SA Power Networks Cyber Security Team’s Road Ahead
SA Power Networks’ Cyber Security team continue to lead the way in using Gauntlet to conduct exercises, build skills, and drive internal capability development. They're committed to improving and maintaining their state of readiness and resilience. Some of their goals for this year are:
- Further developing, refining, and fortifying response processes.
- Formalising protocols for swift and efficient incident response.
- Cultivating enhanced inter-team collaboration.
With each new exercise, they will further improve their defence strategies, ensuring they play their part in providing a resilient and secure power grid and protecting customer data.