FROM IT TO BOARDROOM –
A GAP BRIDGING EXERCISE
Cyber crisis exercise OZON 2016
Charlie van Genuchten (SURFnet - Netherland...
Let’s introduce myself
Charlie van Genuchten
• Graduated in History and Arabic from Leiden University
• Representative of ...
Cybercrisisexercise OZON
Background and purpose
• Crisis exercises within institutions are mostly fysically oriented (i,e,...
OZON exercise
Preparation
Idea for
2 day
cybercrisis-
exercise was
born
Gold/Silver
registration
closed
Cybercrisis
exercise
31 August –...
Participants
Participating
institutions
Total: 28
institutions
Other:
Including research
institutions and
libraries
Univer...
Cybercrisisexercise OZON
Scenario and exercise
• Multilayer attack, with ethical and criminal component;
• Strategic and t...
Events
Media and
communication
‘
03/10/2015
De hackerscollectief ‘RobbingGood’ streeftnaarhet
openbarenvanmisstandenindeor...
Technical elements
Disclosing critical research and business information on a
prepared website
Offering ”create your own g...
Participating roles
Participating
roles
Observers
Participants
Department managers
Lawyers
Communication
Press Officers
Se...
Cybercrisisexercise OZON
Conduct and performance
• The content was prepared by OZON team and the institutions, for complet...
Ratings
Evaluation
Evaluation of
the Exercise
Evaluation of
achieving
Exercise Goals
Average Average
94
respondents
Ratings
Cybercrisisexercise OZON
Results, recommendations and what’s next
• Make cybersecurity integral part of crisis management
...
To know more? / Questions?
• White paper and script of OZON
https://www.surf.nl/kennisbank/2016/
whitepaper-cybercrisisoef...
Próxima SlideShare
Cargando en…5
×

Cyber Crisis Exercise OZON — From IT to the Boardroom: a Gap Bridging Exercise

51 visualizaciones

Publicado el

Presentació de Charlie Genuchten (SURFnet) a la TAC17 sobre "Ciberseguretat a les xarxes acadèmiques i de recerca", realitzada el 21 de juny a l'Hospital de la Santa Creu i Sant Pau.

Publicado en: Tecnología
0 comentarios
0 recomendaciones
Estadísticas
Notas
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

Sin descargas
Visualizaciones
Visualizaciones totales
51
En SlideShare
0
De insertados
0
Número de insertados
1
Acciones
Compartido
0
Descargas
2
Comentarios
0
Recomendaciones
0
Insertados 0
No insertados

No hay notas en la diapositiva.

Cyber Crisis Exercise OZON — From IT to the Boardroom: a Gap Bridging Exercise

  1. 1. FROM IT TO BOARDROOM – A GAP BRIDGING EXERCISE Cyber crisis exercise OZON 2016 Charlie van Genuchten (SURFnet - Netherlands)
  2. 2. Let’s introduce myself Charlie van Genuchten • Graduated in History and Arabic from Leiden University • Representative of the National Union of Students of the Netherlands with a focus on the digitization of Higher Education • Project coordinator cyber crisis exercise OZON • Helped design the OZON scenario’s • Project coordinator GEANT CLAW Crisis Management Event
  3. 3. Cybercrisisexercise OZON Background and purpose • Crisis exercises within institutions are mostly fysically oriented (i,e, fire, evacuation, drills) • The need to practice with cyber crisis / IT security • Inspiration by participating in other big cyber exercise Purpose; • Increase awareness and resilience • To test the internal and external information chain • To test internal communication, processes, and testing protocols • To increase knowledge and understanding of the development a cyber crisis
  4. 4. OZON exercise
  5. 5. Preparation Idea for 2 day cybercrisis- exercise was born Gold/Silver registration closed Cybercrisis exercise 31 August – 4/5 October4 April 31 May Time Scenario and technical preparation Central scenario and Institution scenario development event and technical construction Workload Bronze Registration closed Holiday Period 4 February Deadline institution scenarios
  6. 6. Participants Participating institutions Total: 28 institutions Other: Including research institutions and libraries Universities Regional Teaching Centres Hospitals Bronze Silver Gold Tertiary Education Institutions Number of participants Gold, Silver and Bronze
  7. 7. Cybercrisisexercise OZON Scenario and exercise • Multilayer attack, with ethical and criminal component; • Strategic and technical dilemmas to encourage cooperation between strategic, operational and tactical levels • Both technical and strategic challenges; leakage of researchdocuments, business data, manipulating data, mirror sites, simulation of productionenvironments • Big challenge to find compelling case for bridging the gaps between technical and strategic level
  8. 8. Events Media and communication ‘ 03/10/2015 De hackerscollectief ‘RobbingGood’ streeftnaarhet openbarenvanmisstandenindeorganisatie-top.‘Wie nietsverkeerddoet,heeftdusookniksteverbergen’ luidthetmottovan degroepsleiderdie anoniemdient te blijven.In2010 heefthetcollectiefeenbijdrage geleverdaanWikileaksenhet hackenvanStratforin 2012. Inhet tekenvandeinternationaleCyberSecurity Awareness-weekpraatNRCmetde groepoverde positievekantenvanhacken. Je wiltgraag anoniemblijven.ZijnjullieeensoortAnonymous? Alhoewel Anonymouseenhoopgeweldighacktalentheeftwaarwij bijzonderjaloersopkunnenzijn, willenwijRobbingGooddaarnietmeevergelijken. Anonymousstaatbekendomhetuitvoerenvan targetedattacksen hetplatleggenvansystemenvanindividuenofgroepenwaarzijhetnietmee eenszijn.Wijdaarentegenvindenhetvooral belangrijkdatinformatievrijteverkrijgenisendatgeen bedrijfofpubliekeorganisatieonheuse praktijkenkanverschuilenachterintellectual property, privacyenveiligheid. Ozon.onion I - Een onvoldoende? 40 Euro lost het op Aad Gille – 04/10/2016 ’ COLUMN - Tijdens mijn onderzoek naar de onderwereld van het internet heb ik een kijkje genomen in het Dark Web, het deel van het internet dat het daglicht niet kan verdragen. Behalve creditcardgegevens, drugs en wapens bestaan er ook webportals waar studenten hun cijferlijsten kunnen verbeteren. Tegen een anonieme Bitcoin-betaling van €40 is het via Ozon.onion mogelijk om een onvoldoende om te laten toveren in een prachtig cijfer. Voor €80 kan je zelfs het cijfer van een rivaal naar een onvoldoende veranderen. Om te testen of de service écht werkt heb ik €40 betaald om mijn oude cijferlijst van de journalistiekmaster aan de VU Amsterdam te veranderen. Om zo min mogelijk de universiteit te benadelen heb ik ervoor gekozen mijn enige 8 naar een 7 om te laten toveren. Twee uur na betaling was mijn cijfer daadwerkelijk aangepast. Aangezien de service goed werkt is het niet verrassend dat de commentaren op de webpage uitermate positief zijn. Een student aan de UvA schrijft “Super blij met zo’n goed gemiddelde!” Een ander comment luidt, “Deze dienst maakt zeker het verschil tussen slagen en zakken”. Een aantal onderwijsinstellingen waaronder Universiteit W en X, ROC Y en HBO Z staan vermeld op de webportal. Ik heb alle genoemde organisaties gevraagd naar hun reactie, maar ze wisten nergens van. Onduidelijk is of de integriteit van de diploma’s van deze instellingen daadwerkelijk in het geding zijn. Dusver is er ook onduidelijkheid wat betreft de maatregelingen die genomen worden. We kunnen in ieder geval wel op rekenen dat de systeembeheerders van deze organisatie op het matje worden geroepen. Unknown number of communication via Skype, Phone, Jabber, etc.
  9. 9. Technical elements Disclosing critical research and business information on a prepared website Offering ”create your own grades” through websites
  10. 10. Participating roles Participating roles Observers Participants Department managers Lawyers Communication Press Officers Security Officers Privacy Officers Members of the Executive Board Staff services Board Members ICT managers Service employees Faculty Staff Simulated by internal responscel Non-participating employees External supply chain partners such as suppliers Stakeholders Students Patients Teachers Professors Simulated by Responscel Journalists, including NRC, Trouw, Nu.nl, AD, (national (online) newspapers) Dutch Data protection Authority Mayors Members of the Supervisory Board Contributing External Partners National Police, (digital declaration counter) NCSC
  11. 11. Cybercrisisexercise OZON Conduct and performance • The content was prepared by OZON team and the institutions, for completeness and robustness we had assistance of external agency. • Two days of exercise directed from the central location at SURFnet, the players practiced on location and in their own role. Outcomes • Experienced as succesful, informative and highly realistic • Voluntary participation and practiced with great enthousiasm • The involved where very positive and the atmosphere was good. • Gaps where bridged between operational/tactical and strategic level • Gaps where bridged between different disciplines like communication and technique • Cooperation between institions strenghthened
  12. 12. Ratings Evaluation Evaluation of the Exercise Evaluation of achieving Exercise Goals Average Average 94 respondents Ratings
  13. 13. Cybercrisisexercise OZON Results, recommendations and what’s next • Make cybersecurity integral part of crisis management • Sharing information earlier in crisisprocess between organisations • Research into form of national coordination in a sector-wide cyber threat. To define autonomy and mandate of the institutions • To practice more large- and small exercises, sectoral- and/or topic specific. Preparation and execution of exercise together to achieve economies of scale • To share the outcomes, conclusions and recommendations of exercises to create more awareness and to create support of cyber threats and exercises. • Outcomes, lessons learned and recommendations stipulated in whitepaper, script for cybercrises exercise and video impression
  14. 14. To know more? / Questions? • White paper and script of OZON https://www.surf.nl/kennisbank/2016/ whitepaper-cybercrisisoefening-ozon.html / soon available in English

×