A cyberattack on the power system has shut down your power provider’s wind, solar and natural gas operations during a bitter cold snap. Ransomware puzzles must be solved, codes cracked and forensics run before any system can be restarted. You have one hour. Go!

That was the scenario facing electric cooperative staff who signed up for an escape room exercise designed by Idaho National Laboratory and the U.S. Cybersecurity and Infrastructure Security Agency. 

The activity debuted at NRECA’s third annual Co-op Cyber Tech Conference June 11-13 in Arlington, Virginia, and drew nearly 70 participants to six escape room sessions.  

INL’s Chris Johnson and Kelly Johnson managed the escape room and told players that a key to success was communication and that siloing could prove problematic. 

“The escape room tests your ability to work together to help defend against an attack,” said Chris Johnson. “We try to pressure the situation.”

Teams of IT and OT managers, network administrators and others worked together to defeat the cyber mayhem. Locks had to be picked, codes had to be uncovered through puzzles, and there was even a virtual reality component in which players built a gas facility to obtain a code.  

“We got the [natural gas] separator on, but someone is controlling operations,” Kaber Esplin, IT manager of Kanab, Utah-based Garkane Energy Cooperative, told his teammates. “It’s like our worst nightmare.” 

“Anyone need five-digit code?” someone shouted.

“What is 111—should we be talking to it or not?” asked another. 

The team finally squelched the attack and got power flowing to consumers with 49 seconds to spare.   

“It was insightful,” said Joe Warling, director of information technology at Randolph EMC based in Asheboro, North Carolina. “You’ve got to work with others, rapidly and under a timeline and stress. I’m an IT guy. From the escape room I got more of the OT perspective.” 

Veronica Miller, an escape room veteran and a network administrator at Jacksonville, North Carolina-based Jones-Onslow EMC, said she was impressed with the complexity of the challenge.

“It definitely shows you where your strengths and weaknesses are and also how much you have to rely on your team,” said Miller.

“It was a humbling experience,” said Sam Terwilliger, EMS administrator at Wolverine Power Supply Co-op in Cadillac, Michigan. “It shows people can come together in a crisis, work through this and triumph.”

The INL programmers said they’ve staged escape rooms for other types of utilities and sectors and have noticed how quickly electric co-op staffers team up to solve problems.  

“The co-ops seem to be really good at fostering collaboration,” said Chris Johnson. “Between IT and OT, they seem to work well.”

So how close to a real-life cyberthreat was the escape room?

“Some elements here are from the real world,” said Kelly Johnson, noting that generators with software may be susceptible to ransomware and attackers insert puzzles and use codes to thwart recovery. 

“Bad guys will find vulnerabilities and attack. As defenders, we have to protect it,” he said. “It’s really about communications and their problem-solving ability to work together.”