APCERT embarks on global coordination to counter cyber-ops
[Press released on 19 Feb 2014] The Asia Pacific Computer Emergency Response Team (APCERT) today has successfully completed its annual drill to test the response capability of leading Computer Security Incident Response Teams (CSIRT) from the Asia Pacific economies. For the third time, APCERT involved the participation of members from the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) in this annual drill, and for the first time, involved the participation of the European Government CSIRTs group (EGC).
The theme of the APCERT Drill 2014 was “Countering Cyber-ops with Regional Coordination”. The exercise reflects real incidents and problems that exist on the Internet. The teams undertook the task of tracing elements from developing stages of a Cyber-op. These stages culminated to a point where CSIRT/CERTs had to dismantle the infrastructure set up by hactivists, before a Denial of Service attack unfolds on a government service.
During the exercise, the participating teams activated and tested their incident response handling arrangements. This included the need to interact between CSIRT/CERT from locally and internationally, in order to dismantle the Denial of Service infrastructure from an analysis of a malicious smartphone application. This incident response exercise, which was coordinated across many economies, reflects the strong collaboration amongst the economies and validates the enhanced communication protocols, technical capabilities and quality of incident responses that APCERT fosters in assuring Internet security and safety.
20 CSIRT teams from 16 economies (Australia, Bangladesh, Brunei Darussalam, People's Republic of China, Chinese Taipei, Hong Kong, Indonesia, Japan, Korea, Macao, Malaysia, Myanmar, Singapore, Sri Lanka, Thailand and Vietnam) of the APCERT. From the external parties, CSIRT teams from 3 economies (Egypt, Pakistan, and Nigeria) of the OIC-CERT and a CSIRT from Germany from the EGC participated in the drill.
Mr Leung Siu-Cheong, Senior Consultant of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council, said, “Through this regional drill, we have demonstrated the importance of global coordination in combating large scale cyber attacks.”
"On top of being an active member of the drill organizing committee and exercise controller team this year, HKCERT also joined the drill to further sharpen our preparedness. It has enabled us to revisit and fine-tune our response procedures and analysis technique. The experience will also help us improve the organization of the local cyber security drill later this year," he continued.
APCERT was established by leading and national Computer Security Incident Response Teams (CSIRTs) from the economies of the Asia Pacific region to improve cooperation, response and information sharing among CSIRTs in the region. APCERT consists of 26 CSIRTs from 19 economies. Further information about APCERT can be found at: www.apcert.org.
OIC-CERT was established in January 2009, to provide a platform for member countries to explore and to develop collaborative initiatives and possible partnerships in matters pertaining to cyber security that shall strengthen their self reliant in the cyberspace. OIC-CERT consists of 30 CERTs, cyber security related agencies and professional from 19 economies. Further information about OIC-CERT can be found at: www.oic-cert.net.
The EGC group, established November 2001, forms an informal association of governmental CERTs in Europe. Its members effectively co-operate on matters of incident response by building upon a fundament of mutual trust and understanding due to similarities in constituencies and problem sets. EGC is an operational group with a technical focus. It does not determine policy, which is the responsibility of other agencies within the members' national domain. EGC members generally speak for themselves and on their own behalf. Currently EGC consists of 13 teams in 12 countries, both EU and non-EU members. Further information about EGC can be found at: www.egc-group.org.