spanish national cyber exercise with the financial sector · spanish national cyber exercise with...
TRANSCRIPT
![Page 1: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/1.jpg)
Spanish National Cyber Exercise
with the Financial Sector
48th TF-CSIRT meeting – 13th May 2016 – Riga
Javier Berciano
![Page 2: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/2.jpg)
2013
New National Security Strategy
Objective: guarantee a secure use
of the networks and information
systems
National Security Strategy
Identifies risks from cyberspace as the main risks for the security of Spain
Strategy: strengthening prevention,
detection and defence capacities
against cyber-attacks
![Page 3: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/3.jpg)
Partnership Framework Agreement
State Secretariat
for Security
Secretary of State for
Telecommunications and the
Information Society
National Centre for Critical
Infrastructure Protection National Cybersecurity Institute CERTSI + =
2012Partnership Framework Agreement in
Cybersecurity:
Impulse, coordination and supervision
of all policies and activities related to
the protection of critical infrastructures
Development of cybersecurity and of the digital
confidence of citizens, of the Spanish research and
academic network (RedIRIS) and of businesses in
strategic sectors.
![Page 4: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/4.jpg)
A benchmark for the technical resolution of
cybersecurity incidents that affect essential services
Prevention Mitigation Response
critical
infrastructure
operators
companies
citizens
Security and Industry CERT (CERTSI)
Research and
academic network
![Page 5: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/5.jpg)
Cyber Coordination Office
Technical coordinating body of the Ministry of the Interior
It guarantees the liaison and the technical coordination necessary for efficiently
accomplishing the tasks that the different bodies carry out in the area of
cybersecurity
![Page 6: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/6.jpg)
CyberEx
![Page 7: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/7.jpg)
Formats
![Page 8: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/8.jpg)
Simulation
•Focus: test procedures and capacities
•Roles involved: managers and technicians
•Location/Size: variable
•Duration and time: one day
Role-play
•Focus: test decision making
•Roles involved: managers and senior management
•Location/Size: variable
•Duration and time: one day
Procedural
Formats
![Page 9: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/9.jpg)
Formats
Red/Blue Team
• Focus: test defence capacities
• Roles involved: technicians
• Location/Size: variable
• Duration and time: one day
Continued attack
• Focus: test resistance to attacks
• Roles involved: all, mainly technicians
• Location/Size: variable
• Duration and time: several consecutive days
Analysis
• Focus: train technical capacities
• Roles involved: technical team
• Location/Size: variable
• Duration and time: one day
Technical
![Page 10: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/10.jpg)
CYBEX 2012
• 5 players
• Heterogeneous, multiple sectors
• Simulation of a technical attack on perimeter services
• Evaluation of technical and organisationalcapacities
CyberEx 2013
• Heterogeneous, multiple sectors
• Simulation and a technical attack on the perimeter and WiFi
• Evaluation of technical and organisationalcapacities
• Simulation of tecnical analysisof an incident
CyberEx 2014
• 15 players
• Aimed at strategic operators.
• General simulations, operational and technical.
CyberEx 2015
• Cyberexercisefocused on strategic operators.
• An introduction to a sectoral exercise focused on business.
Evolution of CyberEx
![Page 11: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/11.jpg)
Teams
Banks
Investment firms
18
13
2
3 Phases
Phase I: Continued attack
Phase II: Role-play
Phase III: Incident simulation Payment methods2
Insurance129 September – 19 October
Specialisation in the Financial Sector
CyberEx 2015
![Page 12: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/12.jpg)
Phase I: Continued attack
![Page 13: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/13.jpg)
Phase I: Continued attack
![Page 14: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/14.jpg)
Phase I: Continued attack
![Page 15: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/15.jpg)
Phase I: Continued attack
3 campaigns
Advertisement (only to know if people clicks everywhere)
Impersonating IT department (you must update X software, only for steal
corporate credentials)
Impersonating client/provider (document attached with macro, gather
information from system and user for exfiltration, no malicious activities or
real documents exfiltration)
![Page 16: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/16.jpg)
Phase I: Continued attack
![Page 17: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/17.jpg)
Phase II: Role-play
![Page 18: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/18.jpg)
Phase III: Incident simulation
![Page 19: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/19.jpg)
2016 unique indicators
Phase 1: Continued attack
58 controls
Phase 2: Role-play
14 controls
Phase 3: Simulation
12 controls
Organisational and technical
aspects
28 controls
18
fin
an
cia
len
titie
s
Evaluation
![Page 20: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/20.jpg)
Report of each entity
Global report
Anonymised report
Infographic
Evaluation
![Page 21: Spanish National Cyber Exercise with the Financial Sector · Spanish National Cyber Exercise with the Financial Sector ... confidence of citizens, of the Spanish research and academic](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa7c364fd7ed240904fe6bc/html5/thumbnails/21.jpg)
Thank you!