ITU contributes to global cybersecurity resilience with 2020 Global CyberDrills
Digital assets have become an integral part of our society. In addition to day-to-day activities, countless essential services depend on information and communication technologies (ICTs) employed at the heart of their critical infrastructure, from energy to finance and healthcare systems to societal processes from communication to trade. While this extensive reliance on digital assets has made our societies more open and innovative, the other side of the digital transformation coin is an increased vulnerability to cyber risks. Due to the constantly evolving threat landscape and increasing complexity and interdependencies of ICT infrastructure, it is impossible to curb all attacks. That’s why the development of incident management capabilities is essential in ensuring resilience and stability. ITU’s role in building global cybersecurity resilience ITU assists in improving cybersecurity readiness, protection, and incident response capabilities of countries by conducting CyberDrills at regional, national level and global levels. These drills are designed with a dual purpose: as a platform for cooperation, information sharing, and discussions on current cybersecurity issues, as well as to provide hands-on exercises for national Computer Incident Response Teams (CIRTs). ITU has conducted around 30 CyberDrill exercises involving more than 100 countries across 6 regions. These exercises aim to help national Computer Incident Response Teams (CIRTs) recognize and contribute to the development and deployment of strategies for defeating cyberthreats. What is a CyberDrill? A CyberDrill is a series of planned events during which information security incidents are simulated in order to test an organization’s cybersecurity capabilities, from its ability to detect an incident to its appropriate response and minimization of any related impact. Through a CyberDrill, participants can validate policies, plans, procedures, processes, and capabilities that enable preparation, prevention, response, recovery, and continuity of operations. Specifically, CyberDrill simulations are delivered through scenarios. Participants in a CyberDrill range from national CIRTs, Computer Emergency Response Teams (CERTs), Computer Security Incident Response Teams (CSIRTs), ministries, regulators, telecommunication operators, universities, telecommunication equipment manufacturers, research and design institutes, software developers and other interested stakeholders from ITU Member States. Representatives from these organizations come together during a CyberDrill to share information, collaborate and discuss the latest cybersecurity issues and trends. Promoting a proactive approach The cyberthreat landscape is evolving incredibly quickly, with new trends constantly emerging. Malicious actors are becoming more agile, exploiting new technologies at lightning speed, and tailoring their attacks using automated methods making their offensive capabilities faster and more effective. Combined, these trends create a great deal of uncertainty around information security risks. In order to face indirect, unintended and uncertain risks, national cybersecurity postures need to start from the assumption that not all incidents can be prevented. A complete cybersecurity program cannot be limited to the implementation of preventive controls but must also develop proactive incident response capabilities. Systemic resilience requires collaboration at the regional and international level to effectively align capabilities and expertise to manage incidents and raise awareness of potential risks and steps toward remediation. What to expect from the ITU 2020 Global CyberDrill In order to benefit from technology advancements, Member States need to implement security postures to mitigate these risks and prevent attacks. Fully committed to improving members’ cybersecurity readiness, protection and incident response capabilities, ITU is engaging in a series of capacity building exercises, chief among which are the Global CyberDrills. This year, the 2020 Global CyberDrill will run entirely online from September to November 2020. To enhance the communication and incident response capabilities of participating teams and promote collective efforts by national CIRTs and CSIRTs, the 2020 Global CyberDrill aims to: – Provide situational awareness to key public and private sector participants who lead their firms, organizations, or jurisdictions during a cyber disruption; – Bring the CERT/CIRT/CSIRT community together in a unified exercise to build global response and recovery capabilities; – Test operational resiliency key concepts across CSIRT/CIRT/CERT community; – Identify, exercise, and foster the improvement of processes, procedures, interactions and information sharing mechanisms that exist or should exist among CERTs/CSIRTs, Security Operation Centers, agencies, public bodies, and across regional organizations responsible for crisis management and regulatory bodies; – Exercise coordination mechanisms, information sharing efforts, the development of shared situation awareness, and decision-making procedures of the cybersecurity community during cyber events; – Raise awareness of other cyber exercise initiatives.
By designing and implementing operational procedures to respond better to various cyber incidents, identifying improvements for future planning and enhancing existing CIRT processes, CyberDrills have ultimately helped participating Member States enhance their incident response capabilities and communication, as well as improved national, regional and international cooperation.