A competition for cybersecurity experts from across the world, where they can test their skills on replicas of systems and software from various industries

cyber_battle

Standoff 14: the international cyberbattle

Command and Defend

We are used to electricity just being there. While lights are on at home, the metro carries passengers, and factories melt metal, no one thinks about the work of power engineers.

From the outside, the industry looks like a monolithic physical machine of pipes and wires. But in reality, the energy sector of State F is a giant IT infrastructure. Dispatch centers, substations, monitoring, commercial metering, and billing systems have long merged into a single network where servers and algorithms manage megawatts.

Key industry players:

GenPower F — the heart of generation. The company produces megawatts for the entire State F. It operates thermal and hydroelectric power plants, wind farms, and industrial energy storage systems. GenPower F balances output every second based on demand and even weather forecasts to keep the country's critical infrastructure running without failure.

GridF — the grid company. It manages backbone and distribution networks, substations, and coordinates field crews. Inside GridF operates a complex digital mechanism: dispatching systems, ICS, smart meters, and proprietary telecom networks. Terabytes of telemetry flow through the company's infrastructure along with electricity.

SO‑F — the system operator. It maintains the balance of power and frequency in the Unified Energy System of State F, coordinates the work of generation and grid infrastructure, approves repairs, and manages emergency modes.

ClearingF — the financial hub of the wholesale market. Deals are registered here, green energy certificates are processed, and all interbank settlements of the energy sector take place. ClearingF is also a powerful IT company: it develops load forecasting platforms and has centralized access to parts of other market participants' IT infrastructure.

EnergySupply F — the guaranteed electricity supplier and the public face of the industry. Through the company's services, people pay bills and submit meter readings. EnergySupply F continuously analyzes consumption profiles, calculates tariffs, interacts with the regulator, and processes commercial metering data coming from GridF networks.

ERA F — the Energy Commission of State F. It regulates the electricity market: sets tariffs, issues licenses to market participants, and monitors compliance with mandatory standards. The organization analyzes key energy system indicators, records imbalances, and in crisis situations coordinates market participants' actions through a 24/7 alert system and duty service.

For a long time, the residents of State F took energy for granted. People got used to paying bills with a couple of taps on their smartphones, and factories entrusted energy consumption control to automation. But it is this digitalization that has turned the industry into an ideal target for hacker attacks.

Attackers are targeting dispatching control systems, SCADA and MES platforms, certification systems, customer portals, commercial metering and monitoring systems, and centralized server administration tools.

Today, a single compromised account or an unpatched vulnerability in an industrial gateway is sometimes enough for the entire country to feel the consequences of an attack. Tampering with consumption data instantly generates billions in losses and paralyzes financial flows. Hacking ICS and stopping a turbine at a thermal power plant leaves districts without electricity and heat. A substation failure halts factories, paralyzes transport, and disables water supply systems.

Acronyms like "SCADA" and "ICS" have long migrated from technical manuals to evening news headlines. Large business owners start their mornings with power system status reports, knowing that any digital failure in the energy sector will instantly trigger a chain reaction affecting retail, telecom, and industry.

Energy

Coinhako

Et-Blue

CyPeaceJutsu

Secops Garage

M53 Blue

Langit Biru

Pasukan Biru

SmurfVillage

CyberPatrol

UnitedSOCs

ProtectIT

STFware provides hosting services and develops software for organizations across various sectors. For instance, it maintains a ticket sales service and a platform providing state services for citizens.

Hackers could bypass secure software development mechanisms and inject malicious code into applications, which would then spread across different organizations and paralyze their operations. Hackers could also seize the company's domain infrastructure to gain full control over its systems and servers.

Cloud services, streaming platforms, and the flagship Open City app used by the entire population of State F are also under threat.

STFware

Your shell not pass

Tube produces, refines, stores, and sells oil and gas. Its assets include an oil refinery, pipelines with pumping stations, tankage facilities, and oil-product loading stations for rail and sea transportation.

In State F, a major uptick in the gas industry is on the horizon as Tube sets up new drilling facilities and prepares to commission a natural gas processing plant while also recruiting staff to work there.

Cyberattacks on the oil and gas industry can affect other sectors in State F beyond the target companies. For instance, malicious interference could damage product quality at paint-and-varnish and tire factories, while disruptions in the operation of an oil pipeline, rectification column, electric dehydrator, or hydrocracking reactor could cause a fuel crisis in State F.

Tube

KARL?!

Banks in State F long ago ceased to be simply a place where money is kept. Here, people pay for purchases by QR code, arrange loans in a matter of minutes, open accounts without visiting an office, and transfer digital rubles between organisations.

The financial landscape is shaped by three major players. Global Digital Bank develops digital services and serves clients entirely online. First Partner Bank bets on a partnership ecosystem, QR payments, and the digital ruble platform. And Commercial Bank of Standoff is responsible for the corporate segment, interbank settlements, and business lending.

Attackers have access both to the banks’ external services and to their internal infrastructure: web portals, Kubernetes clusters, interbank transfer systems, customer databases, operators’ workstations, and digital ruble interfaces. The compromise of a single vulnerable system here rarely remains a local problem. The takeover of a container can lead to an attack on the entire cluster; hacking an internal portal can halt the connection of partners to the instant payment system; and data tampering on the digital ruble platform can cause panic among businesses and regulators.

The consequences of successful attacks quickly extend beyond a single company. Leaks of passport data trigger a wave of fraud and lawsuits. Disruption of interbank transfers hits supplies, salaries, and settlements between enterprises. The compromise of digital ruble systems endangers trust in the state’s new financial infrastructure.

When financial services work invisibly, hardly anyone thinks about them. But the moment the ability to pay for a purchase, receive a salary, or transfer money to a supplier disappears, digital comfort instantly turns to chaos.

Standoff 14: the international cyberbattle

Banking

Attacker metrics

Defender metrics

Results