INTERNATIONAL CYBEREX 2015

Similar documents
OAS Cybersecurity Capacity Building Efforts

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Gujarat Forensic Sciences University

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Stakeholders Analysis

6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are

Caribbean Cyber Security: Not Only Government s Responsibility

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Department of Management Services REQUEST FOR INFORMATION

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

COMPUTER FORENSICS (CFRS)

INTERNATIONAL TELECOMMUNICATION UNION

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Cyber Security Technologies

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

The Center for Internet Security

Security and resilience in Information Society: the European approach

Secure Access & SWIFT Customer Security Controls Framework

The NIS Directive and Cybersecurity in

DXC Security Training

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Vulnerability Assessments and Penetration Testing

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Provisional Translation

RESOLUTION 130 (REV. BUSAN, 2014)

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Reducing Cybersecurity Costs & Risk through Automation Technologies

Intro to Capture the Flag

Cybersecurity for Health Care Providers

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Current skills gap for capable CTI analysts: Training for forensics & analysis

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

Position Title: IT Security Specialist

The CERT Top 10 List for Winning the Battle Against Insider Threats

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

Overview. Objectives. Components. Information and Communication Technologies Sector Development Project. Project

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Bradford J. Willke. 19 September 2007

Security Solutions Assisting Social Infrastructure Digitalization

Cybersecurity, safety and resilience - Airline perspective

Management Frameworks

SWIFT Customer Security Programme

RESOLUTION 130 (Rev. Antalya, 2006)

Discussion on MS contribution to the WP2018

Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP

Strengthening Capacity in Cyber Talent sans.org/cybertalent

Cybersecurity, Trade, and Economic Development

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

Program 1. THE USE OF CYBER ACTIVE DEFENSE BY THE PRIVATE SECTOR

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

European Cyber Security Challenge

COUNTERING IMPROVISED EXPLOSIVE DEVICES

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Incident Response Services

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

May the (IBM) X-Force Be With You

The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks

manner. IOPA conducts its reviews in conformance with Government Auditing Standards issued by the Comptroller General of the United States.

Experience of the Tunisian Participation to the EU s Horizon 2020 Framework Programme as an Associated Country

Effective Cyber Incident Response in Insurance Companies

NEN The Education Network

Hacker Academy UK. Black Suits, White Hats!

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Call for Expressions of Interest

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Descriptions for CIS Classes (Fall 2017)

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cyber Security Congress 2017

Business continuity management and cyber resiliency

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Directive on security of network and information systems (NIS): State of Play

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Kaspersky Industrial Cybersecurity Training Program

CCISO Blueprint v1. EC-Council

Sage Data Security Services Directory

FSOR. Cyber security in the financial sector VISION 2020 FINANCIAL SECTOR FORUM FOR OPERATIONAL RESILIENCE

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Panel 1 National CSIRT Experience

Certified Cyber Security Specialist

ITU- Arab Regional Cyber Security Center s Activities & Regional Threats landscape

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

RSA INCIDENT RESPONSE SERVICES

COMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013

Itu regional workshop

Everyday Security: Simple Solutions to Complex Security Problems

Trustwave Managed Security Testing

CYBERSECURITY INITIATIVES IN VANUATU

Transcription:

INTERNATIONAL CYBEREX 2015 www.oas.org

INTERNATIONAL CYBEREX 2015 01. PURPOSE 02. TEAM PROFILE 03. PLANNING 04. CYBEREXERCISE ASSETS 4 5 7 8 4.1. Cyberexercise website 4.2. CTF Execution Platform 4.3. Technical Team 4.4. Eligibility 05. DESCRIPTION OF THE SCENARIO 10 2 International CyberEx 2015 3

01/ PURPOSE 02/ TEAM PROFILE The purpose of International Cyberex is to run a cyberexercise within the Member States of the Organization of American States (OAS) that will allow the strengthening of the capacities to respond to cyber incidents, as well as improved collaboration and cooperation against such incidents. This exercise focuses directly on a technical safety profile with high expertise in the field of Information and Communications Technology (ICT). The cyberexercise will be conducted in Capture The Flag (CTF) format. This format is based on a cyber security competition model and is designed to serve as a training exercise that allows providing participants with experience in monitoring intrusion and working on reaction capabilities The cyberexercise will be conducted using the Capture The Flag (CTF) format. to similar cyber attacks that happen in the real world. There are two main styles for CTFs: offense/defense and jeopardy. The latter has been chosen for this case because it is the most appropriate to expand technical capabilities. Jeopardy style competitions usually involve several categories of problems, each of which contains a variety of questions with different values. The teams, at an 8-hour session compete to be the first to solve the most points, but they do not directly attack each other. Potential participating countries are the 34 OAS Member States and OAS observer countries that could become guests. Participation by countries (with a maximum total of 45 teams) will allow the internal configuration by each country of a team that includes professionals from various fields and strengthening collaboration between institutions. The final selection of the teams will be made by the INCIBE and the OAS Cyber Security Program. The default language for the cyberexercise will be English. Each team will consist of a maximum of 8 members. Some cases will involve the participation of more than two teams per country. Teams may be composed of Cybersecurity Incident Response Teams (CSIRTs) or experts from the public or private sector and civil society. The profile of the team members is a technician with expertise and knowledge in ICT security in at least one or more of the following fields: ICT security training and especially in management of information security incidents. Experience in managing security incidents and wire fraud. Experience in analysis of compromised systems, SPAM, systems and network security. Experience in analyzing malware, both static and dynamic analysis and using tools that automate processes such as behavioral analysis, performance analysis, etc. Experience in computer forensics. Experience in the use of tools that support the process of gathering information and analyzing it. Experience in security audits: methodologies, tools and technical expertise on security audits or pentesting. Experience in administration and bastions of operating systems. Experience in administration of networks and communications hardware, racks and applications and safety equipment support services. Each team must identify a captain, who will be responsible for communicating with the coordination team. 4 International CyberEx 2015 5

03/ PLANNING The cyberexercise will have several phases, to be completed with the following schedule. 1. Introductory Session The cyberexercise will begin with an introductory meeting with all participants, where the initiative will be transferred and it will allow establishing the cooperation framework, both technical and organizational between the entities. This session will take place by videoconference on July 16, 2015 at 10:00 (GMT-5). 2. Implementation of Challenges After the introductory session, the technical implementation of the challenges by the OAS-INCIBE will take place. This phase will also serve to obtain legal agreements between entities if necessary and participant data. At the end of phase, the cyberexercise platform will be ready for implementation. This phase will take place during the months of July and August 2015. 3. Sesión de resolución de dudas This session will take place on Thursday, September 17, 2015 at 10:00 (GMT-5), and will serve, remotely via audio or video conferencing, for participants to submit questions and for the organization to respond to all of them as prior step to the execution of the exercise. 4. Execution of the Exercise The exercise date will be September 24, 2015. The exercise will last for 8 HOURS and it will take place in a single day. Given the amount of time zones of the OAS countries (as shown in Annex I), it is proposed that the reference time zone be GMT-5. This time zone allows including 29 countries, with a difference of one hour. The cyberexercise will commence at 10:00 (GMT-5) and will end at 18:00 (GMT-5). It will include a time at the beginning to explain the scenario as well as time at the end for analysis. Each country team will participate remotely from each location. 5. Closing Session The closing session will serve to analyze the scenario executed as well as the processes that lead to the achievement of flags. Also, participants will have the floor so they can give their opinion to improve future editions of cyberexercise. The closing session will be a face session and will take place during the execution of ENISE on October 20, 2015. There will also be an informal feedback process at the OAS Technical Symposium and FIRST, to be held on September 29, 2015. Introductory Implementation Doubt solving Execution Closure 6 International CyberEx 2015 7

04/ CYBEREXERCISE ASSETS The cyberexercise will be developed based on the realization of challenges in jeopardy CTF format and will include the following assets. 1.1 Cyberexercise website The cyberexercise website will be the benchmark for the participating countries and willcontain at least the following information: Explanatory summary about the cyberexercise and basic instructions for implementation Technical details for participation Platform User Manual Dates for the implementation of the cyberexercise Access to the platform to solve the challenges Support Chat 1.2 CTF Execution Platform The execution platform is in the cloud and will house the necessary infrastructure for the implementation of the challenges, the gameplay and scoring. The backend of the platform includes a provisioning system to form the virtual infrastructure according to the scenario. It also includes a monitoring system that verifies that the virtual networks, systems and the flags (target systems, services or processes, files, etc.) are available and with adequate performance. The platform also includes access and account control functions, logging, security controls, management capacity and performance of the infrastructure etc. It also allows starting multiple copies of the same scenario, scaling horizontally. Management and load balancing to adjust the performance and mitigating factor if the scenario is damaged as a result of the actions of the players (e.g. misuse of an exploit to disable a system). This shared environment is reserved at some point to avoid overlap and it allows stability and scalability set out to develop challenges. The platform includes all the services needed to complete the game: Different types of servers DNS LDAPs VPN Terminators Proxys Web Servers etc. The players use their own laptops with the tools they deem necessary, and interact with the environment through a Virtual Private Network (VPN), which is set for the particular event and the web browser. Once connected to the environment, the user: Receives the information on challenges. Receives the information of flags to be captured. Sends the flags captured for validation. Accesses the system tracks. Has an overview, a support section and the possibility of setting up the profile. Knows his or her progress in the game as well as the position relative to other participants. The exercise date will be September 24, 2015. The exercise will last for 8 hours. 1.3 Technical team The cyberexercise technical team is responsible for providing the necessary support for the realization of all the cyberexercise phases, since the submission of the initiative to the closing session. It will perform support tasks, in particular and with greater emphasis, during the execution of the exercise to address incidences. 1.4 Eligibility The participating team must have at least the following elements: Unfiltered Internet connection with minimum bandwidth: 256kbp/s PCs with hacking tools type: Kali Linux Backtrack A team captain responsible for team coordination and communication with the technical team of the cyberexercise organization. 8 International CyberEx 2015 9

05/ DESCRIPTION OF THE SCENARIO The LoanLeader (LL) bank is a leading international marketing entity with large companies and assets exceeding $ 5 billion, over 200,000 employees and listed on the main stock exchanges worldwide. Through its research, development and innovation services, it has created a new algorithm for selecting investments that exponentially increases the level of productivity, and achieving great benefits from its implementation. The benefits obtained by LL have made investors flock to this entity and the stocks of the main competitors to plummet on the stock exchanges. Lorem ipsum dolor des sit amet, des consectetur adipiscing elit. Aenean hendrerit dictum turpis A few minutes ago the SOC of LL has detected an abnormal event, which has escalated to Matt McMoney, the LL CEO, because the event makes him suspect intrusion into the LL systems storing the algorithm. Matt McMoney has asked the company s security department to discover evidence of the intrusion and to analyze the robustness of the security of the organization s networks and systems. Using ethical hacking tools, the security department (a participating team in the cyberexercise) will have a number of tasks, goals and points to win. These tasks are aimed at: Reproduce the attack phases (penetration testing) Analyze the impact (intrusion forensics) INCIBE is an institution of the Ministry of Industry, Energy and Trade of Spain. CNPIC is an institution of the Ministry of Interior of Spain. 10 International CyberEx 2015 11

Organization of American States 17th St. and Constitution Ave., N.W. Washington, D.C. 2006 USA Ph. (202) 458-3000 www.oas.org

International CyberEx 2015 Registration Form Formulario de Registro Team Information Información del Equipo Team Name (nombre del equipo): Number of members (número de integrantes): Sector: ( ) Government (gubernamental) ( ) Private (privado) ( ) Academia (académico) ( ) Mix (mixto) Country (país): Captain contact Information - Información de contacto del Capitán Name (nombre): Last Name (apellido): Institution (institución): Tittle (cargo): Telephone (teléfono): Cellphone (celular): E-mail (correo electrónico): Time Zone (uso horario): Please submit this form to International@cyberex.es Por favor enviar este formulario a International@cyberex.es

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback