The capabilities of a CSIRT are significantly improved through cyber drills, which use scenarios to test preparedness, communication, and response capabilities.
Resource: Improving capabilities with cyber drills
AfricaCERT: AfricaCERT organised its first Cyber Drill, “Testing the Waters”, in 2021. The drill aimed to test the response capability of participating teams facing the following scenarios: phishing, defacement, REM, and ransomware investigation. These exercises were designed to put participants into live conditions and test their communication and technical capabilities. 32 Computer Security Incident Response Teams from 24 countries, including APCERT and OIC-CERT economies teams, participated in the Drill.
APCERT: APCERT organises a cyber drill for the APCERT Region and partners. The theme of the 2021 APCERT drill was “Supply Chain Attack through Spear-Phishing – Beware of Working from Home”. The exercise reflected real incidents and issues as well as the collaboration amongst the economies in mitigating cyber threats, and validated the enhanced communication protocols, technical capabilities, and quality of incident responses that APCERT fosters in assuring Internet security and safety. Twenty-five CSIRTs from nineteen economies of APCERT and two of the OIC-CERT and AfricaCERT participated.
ITU: The ITU organises annual Cyber Drills designed with a dual purpose: as a platform for cooperation, information sharing, and discussions on current cybersecurity issues, as well as to provide a hands-on exercise for national Computer Incident Response Teams (CIRTs) / Computer Security Incident Response Teams (CSIRTs).
OAS: The Organization of American States (OAS) and the Spanish National Cybersecurity Institute (INCIBE) annually organise the International CyberEx, which seeks to strengthen the ability to respond to cyber incidents and improve collaboration and cooperation. International CyberEx 2020 had 80 teams and 320 team members representing 39 countries.
OIC-CERT: The Organization of the Islamic Cooperation – Computer Emergency Response Teams (OIC-CERT) organises an annual Cyber Drill with objectives to:
• Test the communication capabilities of the members’ points of contact.
• Check the processes and procedures in managing contingencies.
• Test the technical competencies of participating teams.
• Simulate cross-border cooperation in mitigating information security incidents.
Capture-The-Flag (CTF): This is a competitive computer security event where participants compete in security-themed challenges for the purpose of obtaining the highest score.
Source: Cyber Incident Management in Low-Income Countries – 1: PART 1: A HOLISTIC VIEW ON CSIRT DEVELOPMENT