Nordic collaboration for stronger non-military defence
Protecting critical infrastructure is an essential part of every nation’s non-military defence programme. In the Nordics, this is partly done collaboratively to pool resources, know-how and expertise. Although this brings benefits, it also puts tough demands on personnel and organisations as they must work together as one unit in order to manage large-scale incidents. Within the electricity sector – and more specifically national grid owners – a rotating Chairmanship is shared among the different nations. As a framework partner of Statnett, the Norwegian state-run national grid company, 4C Strategies were invited to bring together the 16 different actors involved in a crisis, and test and develop their joint capabilities. We spoke with Mikael Grape, Managing Director of 4C Strategies, who led the cyber exercise project team.
“An attack on the national grids will have wide-reaching repercussions for nations and societies alike. Everything from large enterprises to homeowners to healthcare facilities and beyond can be affected, depending on the severity of the incident. Statnett, with our support, chose to scenario-test the collective Nordic crisis management abilities to handle a cyber security attack, as this is a serious potential threat being faced on a consistent basis within critical infrastructure.”
Incident escalation in a crisis
Over two days, a sinister cyber-attack against SCADA systems in all five Nordic countries was played out in a tabletop setting, mixed with live elements such as press conferences and films. New incidents were introduced throughout the exercise to replicate a real-life event. This provided an excellent opportunity for representatives from regulating authorities, Computer Emergency Response Teams (CERTs) and transmission system operators in all five Nordic countries to come together and develop their readiness.
“A crisis isn’t one single event, but rather a series of events that occur and often escalate over time as actions and reactions are taken during a response. By recreating this in a scenario exercise you take people from theoretically knowing what should be done in a crisis to actually finding out what happens and the domino effect of their actions. It’s an important lesson to learn and experience.”
To make the cyber exercises as realistic as possible, 4C produced YouTube clips and social media posts from the attackers, and 4C consultants acted as journalists questioning the nominated spokesperson during mock press conferences. To support the teams in the exercise, the two-day event began with cyber security training session and ended with a group-wide review. 4C consultants were also on hand during the exercises to advise teams if they needed it.
Cyber training for diverse organisations
4C Cyber Training and Exercises have been run at a wide range of organisations in the public and private sectors, including international banks, manufacturers and ENISA (the European Cyber Security Agency). This ranges from relatively simple workshops, through to table-top and simulation or command-post exercises – where multiple elements of an organisation’s resilience capability can be subject to analysis and review. With the wealth of features and tools available within our Exonaut software, exercises can be brought to life with simulated social media feeds, news clips and other injects, to make them realistic, challenging, engaging and fun for participants.
Get in Touch
Discover how you can build your risk, business continuity and crisis management capability with our expert services. Book a free consultation with one of our consultants to discuss your requirements.