Organised by

Supported by

What is CISS2021-OL?

Critical Infrastructure Security Showdown 2021 – Online (CISS2021-OL) is the fifth run of iTrust’s international technology assessment exercise. This is the second year that the exercise is held entirely online and is sponsored by the National Research Foundation and the Ministry of Defence.

What is new this year?

CISS2021-OL will come with the following exciting additions:

  1.  World Wide Web as entry point 
  2.  Water Distribution (WADI) testbed as additional attack surface
  3.  5 hours for Red Teams (instead of 4)
  4.  Intrusion Detection Systems (IDS) installed
  5.  Avoid IDS detection = higher score
  6.  Using reflector server to mask identity = higher score
  7.  Prize $ doubled

Exercise Documentation

Version 1 (18 June)

Older versions: N.A.

              Click above to view video and here for slides

Stage 1 Results

We are pleased to announce the finalists for CISS2021-OL! They are (in no order of merit):

  1. CISShells by the CISShore
  2. Kopi-O-T
  3. French Team
  4. KPMG
  5. NSHC RedAlert
  6. OolongNaiCha
  7. Pommes Schranke
  8. SMU Whitehats Society
  9. Steven Bradburys
  10. TeamTryHard-1

Stage 1 FAQ

Please download a copy here. For further questions, please write in to itrust@sutd.edu.sg

Updates

  • 10 Aug: Briefing for Blue Team Vendors (2 – 4pm)
  • 6 Aug: Briefing for CII Blue Teams (2 – 4pm)
  • 4 Aug: Updated briefing slides (slide 25 & 26) for Red Team Finalists can be downloaded here
  • 31 Jul: Red Teams: Book your 90-min familiarisation slot here
  • 30 Jul: Briefing for Red Team Finalists (4 – 6pm, GMT +8); briefing slides can be downloaded here and video can be viewed here
  • 21 Jul: Finalists for CISS2021-OL is published!
  • 3 Jul: Stage 1 briefing slides can be downloaded here; video can be viewed here
  • 29 June: Updated Stage 1 briefing slides have been sent to Red Teams; a copy can also be downloaded here
  • 29 June: VPN profiles and accounts sent to Red Teams
  • 25 June: 17 Red Teams & 6 Blue Team Vendors have signed up!
  • 23 June: Briefing on Stage 1 for Red Teams is on 2 Jul, 4 – 5pm (SGT, GMT +8); Red Teams would have received the Zoom link and briefing deck for the briefing
  • 18 June: Blue Team Vendors – please use this link to sign up for onsite deployment slots (16 to 27 Aug)
  • 18 June: Version 1 of Exercise Documentation is available for viewing
  • 18 June: 17 Red Teams & 5 Blue Team Vendors have signed up!
  • 11 June: Red Teams – please use this link to sign up for Stage 1 (5 to 16 Jul)
  • 9 June: 14 Red Teams have signed up!
  • 9 June: Important dates updated
  • 21 May: Anonymised reports from previous exercises can be downloaded: 2016, 2017, 2019, 2020
  • 20 May: CISS2021-OL info page created

Access to world’s largest industrial-grade critical infrastructure playground

   

A novel and complex OT system awaits participants of CISS2021-OL

Important dates (subject to changes)

May 2021 June 2021
  Invitation to RT & BT Deadline for participation  
July 2021 August 2021
Stage 1 (RT)
5th – 16th
Briefings
RT (Finalists): 30th,
4-6pm (GMT+8)
Briefings
BT (CII): 6th, 2-4pm
BT (Vendors): 10th, 2-4pm
Familiarisation (RT)
4th – 13th
BT (CII) deployment & testing
16th – 20th
BT (Vendors) deployment & testing
16th – 27th
BT (CII) familiarisation

23rd – 27th
 September 2021
RT Exercise
6th – 10th
(5 hours/team)
BT Exercise
13th – 17th
(8 hours/team)
   

RT = Red Teams; BT = Blue Teams

Can I participate in CISS2021-OL?

Participation in this exclusive and unique exercise is by invitation only. Invited Red Teams can form up to 4 members per team; Blue Teams between 6 to 10 members. Keep a look out for our invitation in your inbox !

What will I win?

The top 3 Red Teams stand to win attractive cash prizes!

1st prize: S$4,000
2nd prize: S$2,000
3rd prize: S$1,000

Red and Blue Teams Invitation Posters

      

 

CISS News & Event Gallery

CISS2020-OL Award Ceremony

CISS2020-OL Opening Ceremony

CISS2019

Past years’ Red Teams

Applied Risk                                Lancaster University Case Study         NAIST (English) (@NAIST_MAIN_EN) | Twitter         

     CTFtime.org / NUSGreyhats        Politecnico di Milano – RECIPE H2020 Project  

          RSA Logo         

  Graz University of Technology - Wikipedia       Frontiers and the Technical University of Munich form open access publishing agreement – Science & research news | Frontiers      University logo | Design | Brand | Office of Strategic Marketing and Branding | University of Illinois Urbana-Champaign      University of Oxford visual identity - Fonts In Use  

Sponsoring Partners

iTrust thanks the following sponsoring partners for this year’s exercise!

About Fortinet

Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, applications and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 510,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

About Gigamon

Gigamon helps the world’s leading organizations run fast, stay secure and innovate. We provide the industry’s first elastic visibility and analytics fabric, which closes the cloud visibility gap by enabling cloud tools to see the network and network tools to see the cloud. With visibility across their entire hybrid cloud network, organizations can improve customer experience, eliminate security blind spots, and reduce cost and complexity. Gigamon has been awarded over 90 technology patents and enjoys world-class customer satisfaction with more than 4,000 organizations, including over 80 percent of the Fortune 100 and hundreds of government and educational organizations worldwide. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com and follow us on Twitter and LinkedIn.

About Tegasus International

Founded in 2019, Tegasus International is a Singapore based cybersecurity company specialising in the education of cybersecurity for Industrial Control Systems. The company serves customers in the energy, utilities and transport sectors across both government and private segments. At its disposal are trainers with practical experience both in academic and applied fields.