Cyber-EXE Polska 2013. Cyber Exercises for Banking Sector - the CERT Role.Return to TOC presented at FIRST 2014

by Miroslaw Maj,

Summary : Last years have shown that cyber exercises are probably one of the most effective ways to improve incident handling capabilities within all kinds of organisations involved in this process, including CERT teams. Thus popularity of such initiatives grows and cyber exercises are now organised in more and more countries.
Cyber-EXE Polska 2013 (2nd edition on national level cyber exercises in Poland) were organised in Poland in October 2013 by the Cybersecurity Foundation in the partnership with the Polish Government Centre for Security and Deloitte Poland. The main players in the exercises where Polish banks and their incident handling teams. They tested their capabilities in case of two main threats for banks - DDoS and APT attacks. Scenarios contained a number of injects which simulated advanced cyber attacks against the most sensitive bank's services like online banking services, and attacks against confidential banking resources like customers personal and financial data.
One of the exercise's objectives was to check level of interaction and coordination between affected banks and external organisations - i.g.: other banks, law enforcement agencies and CERTs. During the simulated crisis situations banks contacted CERTs many times and requested their specific services, which became important part of mitigation strategy.
During the presentation authors will present results of those exercises in terms of CERTs role. Step by step they will present cyber exercises scenarios of DDoS and APT attacks and explain the role of CERT teams in the attacks mitigation actions at each step. This will be mostly about CERT reaction services. Additionally based on the exercises' conclusions the authoris will present a set of recommendations for CERT teams, which cooperate or plan to cooperate with banks. The result of those two approaches will be the complete set of CERT special dedicated services for the banking sector.