Theory Applied to Practice

Solid theory precedes effective action. First two days: focused briefings on attack and defense techniques. Direct interaction with our experts. Not lectures – working sessions.

Participants received complete documentation: SOC processes, IT/OT maps, response protocols, and technical references. No knowledge gaps.

Informative statistics related to the delivery phase of our recent exercise.

Operational Structure

The hands-on phase used a hierarchical organization: three Blue Teams defending separate power plants, and one SOC team providing oversight. This structure forced communication and coordination under pressure.

Teams followed strict protocols: emergency shutdown procedures, incident response workflows, warning systems, and data request processes.

The hands-on part of our exercise took place in our training facility, where all participants formed their assigned teams.

Technical Response

Teams performed incident investigations across the network topologies. Defense hardening was implemented through AD GPO, PowerShell, DNS configuration, Exchange security, and firewall rules. Kibana filters were deployed to identify attack patterns.

The exercise combined team defense with escalating challenges. AI systems simulated realistic employee behavior, requiring communication management throughout the scenario.

Lessons Learned

  1. Physical Elements Drive Realism: OT systems mimicking actual power plant operations created authentic pressure impossible in purely virtual environments.
  2. Plan for Unexpected Responses: Motivated teams found unanticipated solutions. Always have contingency plans for key scenario elements.
  3. Expert Support Critical: On-site technical advisors provided essential guidance at critical decision points.

ČEZ partnership continues. We’re enhancing scenario infrastructure and technical elements based on these findings. Critical infrastructure defense requires the highest training standards.

In case you haven’t read the first part on exercise preparation, you can read it here: Designing ČEZ defense exercise: Preparation and planning (Part I).