Initial Planning
We met with ČEZ management months before execution. Clear objectives established. Result: a five-day program – two days of briefings, and three days of practical defense scenarios.
Not our first exercise with ČEZ. Still, creating challenges for skilled professionals demands precision. Participants brought varied backgrounds. Our task is to form balanced teams that maximize these diverse capabilities.

Informative statistics related to the preparation phase of our recent exercise.
Scenario Engineering
We designed a scenario around two critical factors: the exercise objectives and participant engagement. The energy sector focus demanded the integration of Industroyer2 and CaddyWiper malware, modelled on the actual Sandworm group attacks from spring 2022. We incorporated specific techniques from the MITRE ATT&CK® framework.

The hands-on part of our exercise took place in our training facility, where all participants formed their assigned teams.
Infrastructure
That means complete IT and OT systems replicating an energy power plant, with all components functionally integrated and real-time monitoring with data visualization. Each team received a slightly modified version of the infrastructure so that adaptability could be tested across the different attack phases.

We tried to make the experience as captivating as possible for all participants, for example by using gamification elements such as manuals and graphic materials to operate the power plant.
Enhanced Realism
We built employee personas and external communications (GovCERT, CISO, staff emails). ChatGPT was integrated for scenario development and participant interaction. Beyond technical defense, we tested team communication and coordination under pressure, with clear blue team hierarchies and mandatory response protocols established in advance.
Read part two for execution details and lessons learned: ČEZ defense in action: Execution and Lessons Learned (Part II).