Michigan Cyber Range hosts cyber exercise

Power Phoenix Tests Incident Response in a Real-world Simulation

The Michigan Cyber Range, powered by Merit Network, held a cyber security exercise for Consumers Energy and DTE Energy on Wednesday, October 15, 2014. The exercise, called Power Phoenix, was a training operation for testing incident response skills. Representatives from Consumers Energy, DTE Energy and the Michigan State Police worked closely with Cyber Range staff to create the exercise.  

Replacing a traditional table-top exercise, Power Phoenix helped fulfill annual compliance requirements for both Consumers Energy and DTE Energy. "We are always looking for ways to practice our incident response plans and skills.  This event allowed us to do so in safe environment with a realistic incident." said Jim Beechey, Director of Cyber Security for Consumers Energy.

Consumers Energy and DTE Energy participated in identical exercise environments, called Betatown and Gammaburg, based on locations in the Cyber Range's Alphaville. Created by the Michigan Cyber Range, Alphaville is a virtual training environment designed for testing cyber security skills.

Alphaville contains five locations, each representing a different security level. Power Phoenix took place within the Alphaville Power & Electric Company. This virtual power company demonstrates the protocols and security challenges required to secure a SCADA environment. SCADA, supervisory control and data acquisition, is a computer system for gathering and analyzing real-time data, a system typically used to monitor plants or equipment in the energy industry.

"We would normally use a table-top exercise for our training. For the technical people, this exercise is very valuable, to deal with injects using the tools that we would use in a real incident," said John Townsend, Manager of Information Protection & Security at DTE Energy.

The scenario for Power Phoenix began with a malware-compromised network. The firewall logs showed attempts to connect outside of the SCADA environment. The incident response teams and IT security managers from Consumers Energy and DTE Energy located the anomalous activity, mitigated the attack vector and worked to resolve the breach. Forensic team members performed an in-depth analysis of the activity.

Joe Adams, director of the Michigan Cyber Range, conducted an after action review immediately following the Power Phoenix exercise. The participants spoke about how they approached the challenge, what they learned, and ways to improve communication and documentation in current systems to enhance response procedures.