Energy company innogy today opened the first training centre in the German-speaking region of Europe in Essen, Germany, where operators of electricity grids can practice how to fend off hacker attacks.“CyberRange-e” is innogy’s state-of-the-art training academy for learning to identify threats in time, initiate suitable protective and defensive measures and thus to practice dealing with a cyber-attack.


Image: innogy's CyberRange-e centre in Germany. Photo: courtesy of innogy.

“WannaCry, NotPetya or Spectre/Meltdown are just some examples of a new type of cyber-attacks and IT security incidents; at the same time digitalisation is progressing and IT systems are becoming ever more closely interlinked, constantly increasing our dependency on functioning IT systems. This combination of a new quality of attacks and increasing digitalisation lifts the threat levels to unprecedented heights and operators of critical infrastructure in particular need to keep up with those developments. Based on the stipulations set out in the IT Security Act, the Federal Office for Information Security (BSI) provides advice and practical support for critical infrastructure (KRITIS) operators “, explained BSI President Arne Schönbohm.

CyberRange-e is innogy’s response to this new type of threat. The company not only wants to develop the skills of its own staff, but also to open up the academy for employees of municipal utilities and other system operators. Up to twelve network and IT specialists at a time can practice how to manage cyber-attacks under real-life conditions in the 450-square metre training facility. This includes war-game methods, pitching the participants against real hackers. What is special about it: the training courses are tailored to the needs and skills of the users and emulate real-life electricity grid conditions. Equipment in the training centre therefore includes real control systems used in grid control centres, several substations as well as the associated IT infrastructure.

Prof Andreas Pinkwart, Minister for Economic Affairs, Digitisation, Innovation and Energy of the State of North Rhine-Westphalia: “Industry in North Rhine-Westphalia, in particular the energy industry with its highly sensitive infrastructure, is facing a unique challenge in terms of protecting data and safeguarding processes and procedures. The economic damage from a cyber-attack arising from production outages, data theft or time-intensive and costly restoration of data can be considerable. It is important that industry, public institutions and the world of science can protect themselves from illegal access to their IT systems. Therefore, I am delighted that the new innogy CyberRange-e provides an opportunity to further sensitise employees to these issues and helps increase the resilience of our companies and public institutions against cyber-attacks.”

Essen, Germany’s energy capital, was always innogy’s number-one choice as the location for CyberRange-e. Lord Mayor Thomas Kufen is pleased: “Digitalisation brings plenty of new opportunities – but also challenges. Living and working with the internet has its downsides: cyber-crime can pose a real threat for businesses and authorities. Especially when it comes to the pillars of modern society, like the security of our energy infrastructure. I am proud that here in Essen we are opening the first dedicated training centre in the German-speaking region of Europe that was set up especially to actively prepare businesses and their employees to protect themselves against and deal with cyber-attacks.”

Cyber security has been high up on innogy’s list of priorities for quite some time. Group security is a centrally coordinated team of 130 employees, most of whom are exclusively concerned with cyber security, information security and data protection. The main focus is on sensitising the employees to cyber threats. “The human factor is still the weakest link when it comes to fending off cyber-attacks. Businesses must understand that responsibility for system and data security does not exclusively lie with IT experts. They must prepare their employees in comprehensive training sessions. CyberRange-e is our contribution towards the security of critical energy infrastructure”, as Uwe Tigges,CEO of innogy SE, points out.

Three years ago, innogy initiated its “Human Firewall” project. The reason: a business may have the most sophisticated systems, but they are useless if the users are not aware of potential threats. Florian Haacke, Head of Group Security: “At innogy we do far more than is legally required. Making security an integral part of digitalisation and every employee’s working culture is key.” We provide, for example, training videos, courses, live hacks, and the team has created the interactive “What the hack!” game. In addition, innogy has sent over half a million phishing e-mails to employees to test if the measures for sensitising them have been successful.

Source: Company Press Release