KSÖ, AIT and the House of Digitalisation organised cyber security training for the Austrian economy

On 13 and 14 November, the Competence Centre for a Secure Austria (KSÖ) organised the sixth cyber simulation game together with the AIT Austrian Institute of Technology and the House of Digitalisation. The cyber security exercise, which took place on state-of-the-art IT infrastructure, aimed to train representatives of Austrian companies and authorities in the event of an emergency using a fictitious cyber attack on the state, economy and society. The added value of such realistic simulation games and training sessions has already been confirmed by stakeholders in recent years as very positive and important.

With the aim of permanently disrupting supply chains in Austria and damaging Austrian society and thus the economy, sophisticated malware was installed by attackers in various software components over a longer period of time and simultaneously in several important industrial sectors (industry, chemicals, transport, logistics, food and information and communication technology). For example, email clients, ERP systems and electronic banking applications as well as various software backup systems were infiltrated unnoticed with malware.

Five teams fought against massive cyber attacks

The KSÖ simulation game 2023 addressed security actors and experts from IT departments, representatives of public authorities and stakeholders from affected sectors. The players were confronted with a sophisticated cyberattack scenario in order to evaluate the existing security and communication measures implemented in the players’ organisations.

In addition, special attention was paid to coordination and cooperation between the individual organisations in the simulation. The planned communication processes and coordinated procedures were rehearsed and subsequently evaluated under the difficult conditions that apply in the scenario (lack of clarity about the origin of the attacks, severity of the incident, cross-sectoral effects). The organisations participating in the exercise are all affected by the NIS2 Act, so this exercise is also a preparation for the upcoming implementation of the NIS2 Directive for all participants.