Cyber-attacks are not only increasing in number but are also becoming more sophisticated. In addition, the digitization of assets and the growth in technological platforms increase Redeia's exposure to cyber-attacks. Although the probability of experiencing one is low, its impact could be extremely negative, which is why Elewit is committed to the search for innovative solutions in this field.
Redeia, as a global manager of essential infrastructures and parent company of companies such as Red Eléctrica, Hispasat, Reintel or Redinter, can be the target of many agents that try to cause damage to the grid. That is why concern for cybersecurity has grown significantly, and with it the investment in this area, strengthening both its teams and its tools.
For this reason, in 2020, Elewit, Redeia's technological platform, decided to invest in CounterCraft, a leading Basque cybersecurity company in threat detection and intelligence and active cyber defense, through its Corporate Venture Capital (CVC). Through this CVC or investment vehicle in technological innovation, Elewit participates in the capital of startups that offer disruptive solutions and fit Redeia’s strategy.
Through the investment in CounterCraft, innovative cybersecurity solutions have been incorporated into the company, such as Deception, a technology that identifies the profile of attackers and minimizes the risk of exposure to critical infrastructure. At the same time, it has been a great boost for the startup to have as a partner one of the leading companies in critical infrastructure management in the country. Since Elewit became a shareholder of the company, CounterCraft has grown from 27 employees to almost 40 and has closed contracts with large government institutions.
Synthetic environments for cyber-threat detection
CounterCraft is known for its Cyber Deception platform, which is designed to deceive cyber attackers by simulating scenarios of real customer operations that attackers can identify as vulnerable and try to take advantage of. In other words, the platform creates synthetic scenarios that make cyber attackers believe they are in a real environment, which makes it possible to obtain information about them.
In addition, because it creates synthetic environments, CounterCraft's solution is not implemented in production systems. This is one of its main differentiating elements: by moving attackers away from the organization's real assets, it does not impact real users and does not cause any type of disruption to the elements of the real production environment.
Another of their differentiating features is that they are able to automate tasks and report information to the security operator in real time. They also provide additional key information about the attack, such as the software executed, documents leaked and the technique used to gain access. In addition, they are designed for a wide range of attackers and can be deployed in multiple logical and physical environments.
Synergies between Redeia’s subsidiaries and CounterCraft
CounterCraft's technology is being applied and deployed by security agencies, military organizations and banks, among others. Being in the capital of a company that works in cybersecurity with leading players worldwide allows Redeia to be constantly updated on the evolution of technologies and potential threats. In addition, CounterCraft's product architecture allows integration into any technological environment in a simple way, which has allowed Redeia to:
- Improve the efficiency of the cybersecurity strategy, understanding the behavior of potential attackers, both internal and external.
- Identify potential attacks on IT and OT networks.
- Obtain information from attackers through decoys.
- Optimize efforts dedicated to network defense, creating a new point of view to support the detection function of the SOC (Security Operations Center).
- Increase network security by developing specific Threat Hunting for this type of network.
Since the investment in CounterCraft, projects have been developed with both the cyber-IT (Information Technology) and cyber-OT (Operational Technology) teams of Redeia. In the case of OT, a pilot project was carried out in which a physical model of an electrical substation connected to the Internet was recreated, emulating the traffic and functionality as if it were a physical substation. Another project is currently being deployed with the company. As for the IT project, Deception technology was implemented to detect and investigate advanced threats operating against the electricity system, such as financially motivated ransomware groups or APTs (Advanced Persistent Threats) sponsored by nation-states.
In the short and medium term, joint projects for both cyber-IT and cyber-OT are expected to continue, alongside ongoing collaboration with the company to prevent potential attacks and to have the knowledge and sensitivity to detect increasingly sophisticated cyber-attacks.