The competition was organized by the National Cyber Training Ground Rostelecom Solar. The participants had to prevent an attack on a major electric substation that could lead to a city-wide blackout.
The competition consisted of three stages. In the first, the teams had to detect the malware threatening the power company's critical systems and fully reconstruct the timeline of the attackers' actions, from the initial intrusion into the network to the attack itself. In the second, the teams prepared a report on exactly what the attacker did, which signs indicate the presence of malicious code, and what measures should be taken to eliminate the consequences of the cyberattack and prevent its recurrence. In the third, the specialists implemented those measures and observed in real time whether they were sufficient.
The competition ran on a digital twin: a simulated replica of a power supply company's real infrastructure. The attacks were reenacted realistically as well, including the actions an intruder typically performs.
Among those who managed to solve the task completely were students from ITMO's Faculty of Secure Information Technologies. For Jean Daniel Kouam Waguia, Van Chuyen Nguyen, and Rand Deeb, this was their first time participating in such a competition, but they nevertheless performed just as well as professionals from major international security organizations (such as Kazakhstan's Center for Analysis and Investigation of Cyberattacks and the Belarusian National Computer Emergency Response Team).
ITMO's team was headed by PhD students Artem Pavlov and Georgy Gennadyev, repeat winners of CTF-format cybersecurity competitions as well as other national and international contests. Their team ITMO))) recently won the competition for students of the Northwestern Federal District and will take part in national cyber drills this autumn.
Team member Rand Deeb also competes regularly: last year he took first place in the Syria National Cybersecurity CTF.
According to Artem Pavlov, the tasks were quite difficult, but solving them helped students understand how to work with large infrastructures:
“As a rule, companies have a large infrastructure in which a lot of events are happening at the same time. The SIEM systems we work with contain data on all of them. If you don’t know how the attacks take place, it’s quite difficult to detect and select a few dozen events relevant to the attack out of two hundred thousand. It’s a difficult task, but we did a good job as a team and were able to both restore the attack sequence and take appropriate measures. We were lucky that our team included both experienced specialists and deeply engaged and active students. For them, it was a very useful experience of working with advanced security systems, which they otherwise couldn’t have encountered during their studies,” says Artem Pavlov, a PhD student at ITMO’s Faculty of Secure Information Technologies.
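The kind of SIEM triage Pavlov describes, picking the few events of one attack chain out of a large stream and ordering them into a timeline, as an added illustration. This is not code from the competition, from Rostelecom Solar or from the ITMO team; the event schema, the field names (`parent`, `image`, `src_host`, `breaker`), the detection rules and the sample event stream are all constructed assumptions for the example. The idea it demonstrates is pivoting: once an initial-access event is found, only indicators that touch an already-compromised host or user are kept, and each kept event extends the set of compromised entities, so unrelated indicators (here, a legitimate service account's network logons) fall out as noise.

```python
"""Triage of a SIEM event stream into an attack timeline.

Added example: not code from the competition, from Rostelecom Solar or from
the ITMO team. The event schema, field names, detection rules and the sample
event stream are constructed for illustration only.
"""
from __future__ import annotations

import random
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    ts: int                     # seconds on a constructed timeline
    host: str
    user: str
    kind: str                   # process | logon | lsass_access | scada_write | dns | file
    data: dict = field(default_factory=dict)


def stage_of(ev: Event) -> str | None:
    """Map one event to an attack stage, or None if it is not an indicator.

    Deliberately simple, assumed detections (not anything the competition used):
    they only tag candidates; reconstruct_chain decides which belong together.
    """
    d = ev.data
    if ev.kind == "process" and d.get("parent") in ("outlook.exe", "winword.exe") \
            and d.get("image") in ("powershell.exe", "cmd.exe", "mshta.exe"):
        return "initial_access"       # Office application spawning a shell
    if ev.kind == "lsass_access" and d.get("image") not in ("MsMpEng.exe", "csrss.exe"):
        return "credential_access"    # unexpected process opening LSASS
    if ev.kind == "logon" and d.get("type") == 3 and d.get("src_host") != ev.host:
        return "lateral_movement"     # network logon originating from another host
    if ev.kind == "scada_write" and d.get("breaker") is not None:
        return "impact"               # write to a breaker control point
    return None


def reconstruct_chain(events: list[Event]) -> list[tuple[int, str, str, str]]:
    """Return (ts, stage, host, user) for the events that form one attack chain.

    Start at the first initial-access event, keep a tagged event only if its
    host, user or source host is already known to be compromised, and add the
    entities it reaches. Tagged events that never link to the chain are dropped.
    """
    tagged = sorted((e for e in events if stage_of(e) is not None), key=lambda e: e.ts)
    compromised: set[str] = set()       # hosts and users, kept in one set
    chain: list[tuple[int, str, str, str]] = []
    for ev in tagged:
        stage = stage_of(ev)
        if not compromised:
            if stage != "initial_access":
                continue                # nothing to pivot from yet
        elif not ({ev.host, ev.user, ev.data.get("src_host")} & compromised):
            continue                    # an indicator, but unrelated to this chain
        compromised.update({ev.host, ev.user})
        chain.append((ev.ts, stage, ev.host, ev.user))
    return chain


def build_sample_events(n_noise: int = 20000, seed: int = 7) -> list[Event]:
    """Constructed stream: benign noise, three decoys and a four-step attack."""
    rng = random.Random(seed)
    hosts = [f"ws{i:02d}" for i in range(1, 40)] + ["srv05", "srv09", "eng-ws02"]
    users = ["alice", "bob", "jdoe", "ot_admin", "backup_svc"]
    events: list[Event] = []
    for _ in range(n_noise):
        host, user, ts = rng.choice(hosts), rng.choice(users), rng.randint(0, 4000)
        kind = rng.choice(["dns", "file", "process", "logon"])
        data = {"dns": {"query": "update.example.com"},
                "file": {"path": "C:\\Users\\report.docx"},
                "process": {"parent": "explorer.exe",
                            "image": rng.choice(["chrome.exe", "notepad.exe"])},
                "logon": {"type": 2, "src_host": host}}[kind]
        events.append(Event(ts, host, user, kind, data))
    # Decoys: indicators (or near-indicators) that never connect to the intrusion.
    events.append(Event(500, "srv05", "backup_svc", "logon", {"type": 3, "src_host": "jumphost"}))
    events.append(Event(2000, "srv09", "backup_svc", "logon", {"type": 3, "src_host": "jumphost"}))
    events.append(Event(2100, "ws03", "alice", "lsass_access", {"image": "MsMpEng.exe"}))
    # The attack: phishing document -> LSASS dump -> pivot to OT workstation -> breaker write.
    events.append(Event(1000, "ws17", "jdoe", "process", {"parent": "winword.exe", "image": "powershell.exe"}))
    events.append(Event(1600, "ws17", "jdoe", "lsass_access", {"image": "powershell.exe"}))
    events.append(Event(2400, "eng-ws02", "ot_admin", "logon", {"type": 3, "src_host": "ws17"}))
    events.append(Event(3000, "eng-ws02", "ot_admin", "scada_write", {"breaker": "Q1", "value": "open"}))
    return events


if __name__ == "__main__":
    for ts, stage, host, user in reconstruct_chain(build_sample_events()):
        print(f"{ts:5d}  {stage:18s} {host:9s} {user}")
```

Running it prints the four chain events in order out of roughly twenty thousand, with the `backup_svc` network logons dropped even though the same rule flags them, because nothing ties them to a compromised host or account. In a real investigation the pivot set would also carry process identities, session IDs and file hashes, and the stage rules would come from the SIEM's own correlation content; the linking logic is the part that stays the same.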