National Incident Response Discussion Exercise


Cyber Strategy Workshop for African Union Member States July 23-27, 2018 Addis Ababa, Ethiopia

National Incident Response Discussion Exercise

This exercise is designed to examine Roles & Responsibilities among stakeholders as they might manifest during a realistic national cyber incident, and to highlight organizational and communications issues that might need to be addressed in the national cyber strategy development effort.

© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release. Distribution Unlimited. Case 17-2155

Table Top Exercise: A Method for Identifying Stakeholder Roles and Responsibilities

- Convene Breakout Groups
- Review Scenario and Inject Handouts (5 minutes)
- Discuss Injects 1 – 3 (10 minutes each)
- Wrap-up and Summary (5 minutes)

INJECT 1

Two major national banks are reporting that they have come under persistent distributed denial of service (DDOS) attacks. They report that their web and mobile services are severely degraded. The banks also notify that they are investigating the incident.

- What is the appropriate operational response to a DDOS attack?
- Who is the right authority to report this incident to?
- Would any (other) government organization/agency involvement / awareness of the incident be necessary under the circumstances?
- What guidance would you give the banks on handling this incident?
- What additional information would be required to develop a government approach to this incident?

INJECT 2

Similar (DDOS) reports come from the major telecom service provider of the country. The telecom company anticipates outages to continue for an extended period and says they will have to reduce their operational capacity to deal with the situation. They point out that a significant portion of the DDOS traffic is coming out of the nation of Obutuland. Obutuland is an AU member.

- Is there a role for your organization/agency at this stage? If so, what should you do? If not, should there be a role for you?
- Who do you contact/notify/consult regarding the attack both domestically and internationally?
- What would you consider the responsibility of the country where the attacks seem to originate/be routed through?
- How would you establish contact with the country where the traffic is originating?

INJECT 3

The banks report having identified the perpetrator of the attacks. They point out that a group has published information about vulnerabilities in their networks. The group’s postings claim that there are serious security flaws in the online and mobile services of both the banks and the telecom provider. The banks request that government take action against the perpetrators and order removal of the published information.

- How do you respond to the banks’ requests?
- What kind of evidence would be required to attribute the incident to a group?
- Where and how can such evidence be obtained?
- What stakeholders should work together to address this Inject?

Wrap-Up

Given this short exercise and discussions thus far, how would components of a National Cyber Strategy support cyber incident preparedness and response?

- Legislative or regulatory measures
- Organizational or structural changes
- National, interagency and public-private cooperation
- International, bilateral, regional and global, cooperation
- Stakeholder roles and responsibilities
- Governance and coordination processes
- Introduce new tools or approaches
- Testing components of the national cyber strategy