APNIC Senior Security Specialist Adli Wahid presents on increasing cybersecurity preparedness for large-scale sporting events at the 2021 CNCERT International Partnership Conference, held online on 16 August 2021.
3
Points
1. Perspective: Large-Scale Events
2. Cyber Drills – advantages & shortcomings
3. Critical Success Factors
  o Time
  o Team
  o Collaboration
4
Large Scale (Sporting) Events
• Global Interest
  o Audience
  o Stakeholders
• Complexities
  o Infrastructure
  o Supply Chain
  o Coordination
• Opportunities for Criminals
  – $$ & Sabotage
  – Targeted attacks vs. leveraging the event's popularity
• Incidents -> Crisis
• Before – During – After
5
Increasing Preparedness
• Before the Event
• Clarifying Roles and Responsibilities
  – Coordination, Communication, Mitigation, Investigation
• CERT/CSIRT Community
  o Threat Awareness
  o Lessons learned from other large-scale events
  o Coordination & Global Outreach (e.g. via FIRST.org & APCERT)
  o Threat Response
• Additional Expectations
  – Security hardening of key components & infrastructure
  – Training
  – Policies – Procurement
6
Cyber Security Exercises
• Tabletop Exercises (TTX) or Hands-On Drills
• Experiences
  o APCERT Drill 2007
  o Pacific Games 2018
• APCERT Drill 2007
  – Great example of Regional Collaboration
  – Background – Beijing 2008 Olympics
    o https://www.apcert.org/documents/pdf/APCERT-drill-2007.pdf
  – National CERT/CSIRTs Coordination
    o Identify points of contact, gain experience working together
    o Possible local constituent participation
  – Scenario
    o DDoS Botnet
    o Supply Chain + 0-day
    o Regional Collaboration

APCERT Drill 2007 – scenario timeline
  – 0700 – Lord of Armageddon (LoA) declares cyber war on the Beijing Olympics
  – 0900 – Co-ordinated botnet attacks from the AP region make media sites and government portals inaccessible
  – 1100 – Spam containing malware that turns PCs into zombies fills up mailboxes in AP economies
  – 1300 – Border and core routers crashing and rebooting frequently. A 0-day exploit for Cisco IOS is rumoured to be available. Cisco promises to release a fix in a few hours
  – 1430 – Cisco releases a patch and advisory on the critical IOS vulnerability
  – 1600 – Security analysts announce that the bots automagically removed themselves; no more attacks
7
Cyber Security Exercises
• Pacific Games 2019 (TTX)
  o Conducted at a regional CSIRT workshop
  o CERTs & security points of contact in the Pacific region
  o Mostly new-ish teams
  o Themes
    – Fraud
    – Phishing + System Compromise
    – Infrastructure
  – Focus on practicality & timeliness of response
  – Coordination with the authorities
8
Lessons Learned – What’s Great
• Cyber Drill or TTX complements other preparations
• Appreciation of the global / regional impact of large-scale (sporting) events
• Education and Awareness
  o Specific threats
  o Capability & capacity
• Policies and Procedures
  o Identify gaps
  o Measure effectiveness
• Identify proper points of contact
• Collaboration
  o Identify the point of contact for seeking assistance or support
  o Multiple stakeholders
9
Lessons Learned – Not So Great
• Complementary*
  o Vulnerability Assessment / Red Teaming / Security Monitoring
• Scenario-based
  o What other scenarios did we not think of, or are hard to simulate?
  o BGP / DNS Hijacking
  o Surface vs. Deep – threat actor asking for ransom payments
  o Disinformation campaigns (?)
• Depends on who is in the room
  – Participation of all stakeholders
  – Preparation for all stakeholders
• Assessment and follow-up after the exercise is completed
  o Feeling good vs. addressing the gaps discovered
  o Finishing first vs. doing the right thing & recognizing gaps
10
Additional Thoughts
• Avoiding incidents in the first place
• Systems & Infrastructure
  o Resilience – DNSSEC, redundancy, RPKI, backups
  o Hardening
  o Secure development
  o Security requirements in contracts
  o Risk assessment
• Collaboration with the Community
  – Threat sharing
  – Monitoring
• Theory vs. Practice
  – Learning from others
• Preparation = Time
• Focus on People
  – 24 x 7 operations
https://www.cert.br/docs/palestras/certbr-tcfirst2016.pdf