Committed to connecting the world

ASEAN-ITU 2022 CyberDrill

BACKGROUND

The International Telecommunication Union (ITU) aims to improve the cybersecurity readiness, protection, and incident response capabilities of Member States by conducting CyberDrills at the national and regional level. This event helps to test an organization’s cyber capabilities.

Over the past ten years, ITU has held thirty-four CyberDrills, involving more than 120 countries committed to improving cybersecurity at both national and global levels. ITU CyberDrills are hosted at the global, regional, and national levels.

The ITU-ASEAN CyberDrill was held fully virtually and aims to bring together the cybersecurity community throughout the region while fostering international cooperation. It will emphasize the role of national Computer Incident Response Teams (CIRTs), Computer Security Incident Response Teams (CSIRTs), and Computer Emergency Response Teams (CERTs), in building cyber resilience and protecting critical information infrastructure.

This Cyberdrill was organized with support from the ITU-Department of Infrastructure, Transport, Regional Development, Communications and the Arts (DITRDCA, Government of Australia) project.

OBJECTIVES

The 2022 ITU-ASEAN CyberDrill will tailor event sessions around four thematic concepts:

Reflect: Bring together the global cybersecurity community to review major regional cybersecurity trends and consider improvements based on the five pillars of ITU Global Cybersecurity Agenda (GCA) and The Global Cybersecurity Index (GCI).
Share: Promote knowledge sharing of beneficial communication networks, and exchange funding stream resources.
Learn: Build capacity for the CSIRT communities within incident response and critical information infrastructure protection (CIIP).
Practice: Test operational resiliency key concepts across CSIRT/CIRT/CERT community.

TRAINING

	05 December 2022 06 December 2022 07 December 2022 08 December 2022 09 December 2022		09:30 - 12:45 (BKK) (GMT +7) 09:00 - 15:30 (BKK) (GMT +7) 10:00 - 16:30 (BKK) (GMT +7) 09:30 - 16:00 (BKK) (GMT +7) 09:30 - 16:00 (BKK) (GMT +7)
	Speakers		Live Captioning Archive
	Registration for Day 1 Days 2-3 and Days 4-5 are by invite only		Remote participation Registered user only

AGENDA

Day 1 Regional Meeting (Reflect and Share)

Featured speakers included cybersecurity leaders from the government, international and regional organizations, and other stakeholders. They will share best practices and lessons learned around cybersecurity.

The three focus topics for this regional meeting will be:

State of Cybersecurity in ASEAN
Cooperation between CIRTs and Law Enforcement in ASEAN

5 December
09:30 - 09:50 (BKK)	Opening remarks Ms. Atsuko Okuda, Regional Director, ITU Regional Office for Asia and the Pacific Mr. Sivaram Superamanian, Assistant Director for Digital Economy Division, ASEAN Secretariat
09:50 - 10:00 (BKK)	Group Photo
10:00 - 11:15 (BKK)	Panel 1: State of Cybersecurity in ASEAN Mr. Mohd Zabri Adil Talib, Vice President of Cyber Security Responsive Service, CyberSecurity Malaysia Mr. Adli Wahid, Senior Internet Security Specialist, APNIC Mr. Champika Wijayatunga, Regional Technical Engagement Manager – Asia Pacific, ICANN Moderator: Ms. Caroline Troein, Cybersecurity Lead Researcher, ITU
11:15 - 12:30 (BKK)	Panel 2: Cooperation between CIRTs and Law Enforcement in ASEAN Mr. Ann Kim, Deputy Director, Department of Information and Communication Technology Security, MPTC Ms. Daniela Eilberg, Cybercrime Associate Programme Officer, UNODC Mr. Marwan Ben Rached, Cybersecurity Coordinator, ITU Moderator: Akvile Giniotiene, Head of Cyber and New Technologies Unit, UN Counter-Terrorism Centre (UNCCT)
12:30 - 12:45 (BKK)	Day 1 Concluding Remarks Ms. Atsuko Okuda, Regional Director, ITU Regional Office for Asia and the Pacific Mr. Arthur Glenn Maail, Senior Officer, Digital Economy Division, ASEAN Secretariat

Day 2-3 Training Sessions (Learn)

ITU conducted two sequential training sessions. It will be split into two tracks: a Management Track and a Training Track.
Additionally, a co-located ASEAN CERTs Sharing Session will also be held on 6 December, organized by SingCERT.

6 December	Co-Located Session
09:00 - 11:00 (BKK)	Co-Located Session - ASEAN CERT Sharing Session SingCERT
11:00 - 12:30 (BKK)	Break
6 December	Management Track
12:30 - 13:30 (BKK)****	Management Track Training Session 1: Threat Intelligence Ms. Anett Mádi-Nátor, VP Cyber Services and President - Women4Cyber Foundation (TBC)
13:30 - 15:30 (BKK)	Management Track Training Session 2: Implementing AI and Machine Learning to Improve Cybersecurity Mr. Mateo Ciampagna, Welchman Keen

7 December	Technical Track
10:00 - 11:00 (BKK)	Technical Track Training Session 1: Knowledge Sharing Session on Ransomware Mitigation Mr. Marwan Ben Rached, Cybersecurity Coordinator, ITU Mr. Jorge Merchán, Especialista del CSIRT, Corporación Ecuatoriana para el Desarrollo de la Investigación y la Academia (CEDIA), Ecuador Ms. Paula Brenes Ramírez, Director, Digital Governance, Ministry of Science, Innovation, Technology and Telecommunications (MICITT), Costa Rica
11:00 - 13:00 (BKK)	Technical Track Training Session 2: Preparations for Scenario-Based Exercises Silensec
13:00 - 13:30 (BKK)	Break
13:30 - 16:30 (BKK)	Technical Track Training Session 3: How to conduct effective Open Source Investigations online Mr. Vytenis Benetis, consultant UNOCT/UNCCT United Nations Office of Counter-Terrorism (UNOCT)

Day 4-5 Scenario-Based Exercises (Practice)

Exercises are one of the highlights of the ITU Cyberdrill.

For those joining the scenario-based exercises, please find the orientiation tips here.

8 December
09:30 - 10:00 (BKK)	CyberDrill Briefing – General Introduction
10:00 - 12:00 (BKK)	Scenario One: Hunting Threats in an environment with access to logs generated by the systems Pre-requisites Knowledge in security events on Windows Knowledge of Active Directory environments and common attacks Ability to hunt of malicious activities by investigating logs and alerts
12:00 - 14:00 (BKK)	Scenario Two: Someone Got Phished Scenario Investigating a security incident reported by a user that could be a malware attack delivered via email. Pre-requisites Knowledge of how email works Knowledge of indicators of phishing Ability to investigate emails and identify potentially malicious and phishing emails
14:00 - 16:00 (BKK)	Scenario Three: Operational Technology Security Incident Scenario Responding to an attack against Industrial Control Systems Pre-requisites Basic knowledge on communication protocols in OT environments between controller devices and sensors Ability to perform network traffic analysis

9 December
09:30 - 09:45 (BKK)	Recap of Scenario-based exercises
09:45 - 11:45 (BKK)	Scenario Four: Internal network Compromise Scenario This scenario will entail exploitation of a vulnerability against the target organization to gain access to the internal network where the threat actor gains access to backup systems and exfiltrates data then later brings down the backup servers disabling the recovery capabilities of the organization. Pre-requisites Ability to identify common attacks against the external network perimeter Ability to detect lateral movement activities and data exfiltration Ability to use common detection tools Knowledge in security events on linux and windows
11:45 - 13:45 (BKK)	Scenario Five: Ransomware attack scenario This scenario entails a ransomware attack against an organization's network. The objective will be to conduct incident response and malware analysis on the malware executed in the victim environment to identify the TTPs used in the attack. Pre-requisites Ability to detect and respond to Malware attacks Skills in Reverse Engineering and Malware analysis
13:45 - 15:45 (BKK)	Scenario Six: Partner Scenario Mr. Vytenis Benetis, consultant UNOCT/UNCCT United Nations Office of Counter-Terrorism (UNOCT)
15:45 - 16:00 (BKK)****	Closing Remarks