Saturday, December 3, 2011

Ground-breaking cyber drill takes place in South East Asia

ITU. Geneva, 2 December 2011 – United Nations’ specialized agency the International Telecommunication Union (ITU) and the International Multilateral Partnership Against Cyber Threats (IMPACT) yesterday held the world’s first cross border drill exercise by an international organization and a United Nations agency.

The inaugural cyber-drill was launched by ITU-IMPACT ALERT (Applied Learning for Emergency Response Team), and comprised a simulated cyber attack response linking the Computer Emergency Response Team/Computer Incident Response Teams (CERT/CIRT) of Cambodia, Lao P.D.R., Myanmar and Viet Nam (the CLMV countries) with executing experts from ITU-IMPACT. The one-day drill was held in conjunction with the ITU-ASEAN Sub-regional CSIRT/CIRT/CERT Workshop for CLMV countries in Yangon, Myanmar.

IMPACT, the cybersecurity executing arm of ITU, is the largest cybersecurity alliance of its kind in the world, with 137 partner countries now formally part of the ITU-IMPACT coalition, and with strong support from global industry giants, partners from academia and international organizations.

The cyber drill was a simulated and coordinated exercise to assess the cybersecurity emergency readiness of CLMV countries and their incident response capabilities in mitigating and countering cyberattacks. The exercise helped build greater international cooperation between participating countries, and improved their communication and mitigation processes. It was also unique in that it was deliberately designed to involve countries with differing developing status – one rapidly growing developing country (Viet Nam) and three UN-designated Least Developed Countries – Cambodia, Lao P.D.R and Myanmar. That meant that the exercise was able to take into account the real-life constraints faced by many economies in the developing world.

An important aspect of the drill was the involvement of countries at the regional level. “Cyberattacks are borderless, so it is vital for every CERT/CIRT to share information and experience on cross-border incident handling, in order to refine and test points of contact and procedures, to enhance the effectiveness of their response to active cyberthreats”, said ITU Secretary-General Dr Hamadoun Touré.
The drill involved a team from each of the four CLMV countries. Drill scenarios involved three cybersecurity emergency incidents: mass web defacement, spam and malware infection. Teams were required to identify the origin of the attacks, identify possible solutions and mitigation steps, and rectify the defacement and/or outbreak. All events and incidents were simulated – no live systems were attacked.

Each participating country team was divided into two roles, representing ‘player’ and ‘observer’. The player executed the incident handling process, analyzed the threats and mitigated the simulated attacks, while the observer executed the communication roles and assisted the player to mitigate the simulated attacks.

The drill scenarios were created by experts from ITU-IMPACT, F-Secure and Trend Micro. Though competitors in the outside world, ITU’s long-standing tradition of public-private partnership provided a unique platform for these partners to come together for the good of the global community to enhance readiness to combat cyberthreats.

The drill was conducted as a ‘no-fault’ exercise. The aim was not to criticize capabilities or a particular network, system or infrastructure, but rather to emphasize the need for continuous communication channels between neighbouring countries, as well as enhancing each country’s incident response capabilities.

“The ITU-IMPACT ALERT achieved several positive outcomes including identification of readiness of each country’s CERTs/CIRTs Team, establishing the need for proper contingency plans, improving the familiarity with tools and other related software and communicating the importance of maintaining logs and having adequately trained personnel in place to handle cyberthreats,” said Datuk Mohd Noor Amin, Chairman of IMPACT. “This was a great opportunity for countries to put their contingency strategies to the test. This cyber drill serves as the prototype for upcoming larger global exercises being designed for 2012,” he added.

The 2011 ‘ITU-IMPACT ALERT’ was sponsored by ABI research, with technical assistance provided by Trend Micro and F-Secure. 

j