The Cyber Team at South Australian Power Networks (SAPN) embarked on an ambitious upskilling journey in the latter half of 2022, one that saw them undertake a number of cyber security exercises aimed at reinforcing good processes, identifying gaps in capability, and steering the team in the right direction for future growth. As we ease into 2023, the team aren't slowing down, with an ambitious program of exercises ahead of them for the rest of the year.
When Nathan Morelli started as the Head of Cyber Security and IT Resilience in 2020 at SAPN, he was fortunate to step into a leadership role where the baseline tools, capability, and a small team had already been put together, and were already working pretty well. But as most public reports on whatever the latest compromise is show, "pretty well" doesn't really cut the mustard when it comes to cyber defence. Nathan realised that as the team grew in size, in order to take this team to the next level of cyber readiness, he needed to truly and repeatedly test them. Different exercises, targeting different skills, capabilities, and processes, would help Nathan get a grip on what else his team needed to grow and improve, as well as on SAPN's ability to effectively respond to that inevitable incident.
What did they do?
The first goal was understanding where the team were at, and where they wanted to be. Understanding the lay of the land as best they could helped Nathan to understand how the team could benefit from exercising. The Cyber Team then engaged Retrospect Labs - who specialise in cyber security exercises. That's all they do. They have the incident response and exercise expertise to design exercises that truly test SAPN's readiness. Working together, they scoped and designed exercises that would be engaging and fun for teams to participate in, but also useful, providing them with practical learnings and takeaways. Being forward leaning, the exercises were scoped to go beyond just the usual tabletop discussion format, which, don't get us wrong, is still valuable, but the Cyber Team really wanted to push themselves and go beyond. So the exercises were functional, meaning the team had to respond to them as if there were a real incident: do all the things they would normally have to do to respond to something - analyse technical artefacts, prepare briefings for the CEO, engage the Media Team and help them prepare a statement. That kind of thing.
The Cyber Team haven't only used Retrospect Labs exercises for their own benefit. During late 2022, the team expanded participation in exercises driven through Gauntlet to include separate exercises with other teams such as IT Operations, Legal and Communications. These have broadened the organisation's understanding of cyber security incidents, whilst also providing multiple improvement opportunities for enhanced organisation-wide incident response.
What did they learn?
After participating in a few exercises (and let's not forget to mention that the SAPN team were the winners of a cyber security exercise competition, which saw them beat over ten other teams) it's safe to say the team has learnt a lot. They've learnt where their strengths lie, which means they have the confidence they need to respond to certain things, because they know they will do it well. But they also learnt where they need to improve - and in the world of cyber, where our adversaries are constantly getting better and better, there will always be areas that network defenders need to improve in. And kudos to the team for being so open to learning and having the attitude and willingness to participate (and participate with determination!) in the exercises they were presented with.
Recognising the need to exercise, to train and improve constantly, the SAPN Cyber Team are among the first organisations to procure technology to help them exercise year-round. Cementing their place as a leader within the Energy Sector when it comes to cyber readiness, they're continuing their journey with Retrospect Labs for the next twelve months, adopting a unique platform that will enable the SAPN Cyber Team to conduct further exercises on-demand. The next twelve months will see their skills grow, their processes refined, formalised, and cemented, and their readiness improved.