РНБОУ National Security and Defense Council of Ukraine

NCSCC conducted “Vulnerability Management” training for cybersecurity specialists of the energy sector of Ukraine

The National Cybersecurity Coordination Center at the NSDC of Ukraine, with the support of CRDF Global in Ukraine, held a Vulnerability Disclosure Program (VDP) training event from March 13 to April 20, 2023.

The tenth program in the “Vulnerability Management” series was attended by more than 30 specialized technical specialists representing 20 organizations of the energy sector of Ukraine, including the Ministry of Energy of Ukraine, NNEGC Energoatom, NPC Ukrenergo, regional power distribution companies, etc.

The purpose of such events is to improve practical skills in identifying vulnerabilities in information systems and ensuring comprehensive cybersecurity in the main cybersecurity entities, government agencies, critical infrastructure facilities and other organizations within the framework of public-private partnerships.

"The Vulnerability Management program was created to improve the level of cybersecurity of organizations in various sectors of Ukraine's critical infrastructure by training and upgrading the skills of key cybersecurity professionals in these organizations. It provides clear guidelines and methodologies for identifying and eliminating security vulnerabilities and countering cyber attacks, and helps organizations reduce cyber risks by helping to identify and eliminate vulnerabilities before they are exploited by attackers," Head of the NCSCC Support Service of the NSDC Staff Serhiy Prokopenko said.

Serhiy Prokopenko also thanked all the experts for their active participation, as it allowed to raise awareness, develop special practical skills of security professionals and improve cybersecurity programs of critical infrastructure organizations in the future.

The VDP participants showed high interest in solving the tasks and at the final CTF. The winners of the six-week training for energy sector employees received prizes that will help them further develop their professional skills.

The curriculum was designed to meet the requirements of companies and enterprises in the critical infrastructure energy sector that face specific cybersecurity challenges, especially during the Russian aggression.