Putting Collaborative Defense Into Action
ACSC Members convene annually for a cross-sector Table Top Exercise that allows members to test their incident response capabilities. More importantly, the event serves to connect many members of the New England Cybersecurity community to:
- expand their networks
- learn from one another’s incident response instincts, plans, and innovations
- practice responding in collaboration with peers from other organizations
The annual exercise draws on the strength of the cross-sector membership and focuses on major cybersecurity trends, e.g. ransomware, nation-state actors targeting the supply chain. The exercises focus on the communication and collaboration challenges of incident response and we have a specific definition of Collaboration that addresses our organizations working together, but also internally across functions, drawing on the skills, knowledge and expertise of the legal and communications professionals who exercise alongside the cyber staff.
ACSC 2020 and 2021 Table Top Exercises
The ACSC’s 3rd Annual Collaborative Defense Exercise marked a successful transition to virtual exercise. The two day table top drew on the lessons of the first two exercises, building a cross-sectoral exercise that challenged participants and encourage collaboration across internal functions including Legal and Communications. The exercise was new in a few ways, it was entirely virtual as a result of COVID. In addition, it saw the creation of mixed teams, where two or three organizations were combined to create a fictional company outside of their industry sectors so they could focus on their response instincts rather than proscribed company policies. The event focused on a ransomware attack that was later revealed to be a major threat to reputation as the adversary was publicly threatening to release exfiltrated data to harm the each company’s reputation, requiring a fulsome response. The end result was a successful event that asked probing questions of all participants – InfoSec, Legal and Communications. The after action led to the ACSC creation of its sharing platform. In addition, several organizations took the exercise scenario to run it again internally.
In planning for the ACSC’s 4th Collaborative Defense Exercise, we are considering a range of lessons learned from the virtual environment and considering how we might conduct a hybrid event to include the valuable in person gathering that can boost networking and in-person relationship building. In addition the 2021 exercise will look to target some business critical systems - databases, communications systems, intellectual property and proprietary code, and even some tools with privileged access or security tools. We will draw on the lessons of Solar Winds and the Microsoft Exchange server vulnerabilities to target systems that have privilege and access. One option is to attack a tool for his privilege OR to simply deprive the defenders of a critical response tool. We will look to utilize the ACSC Teams Sharing Platform as a real time information source to make the exercise more dynamic. In addition, we will continue the idea from 2020 of a large scale attack impacting our wide range of industries, where there is an incentive to coordinate messaging with peers. In a recent MCC table top exercise, one participant spoke about an information sharing group coordinating talking points for members to use in their responses, thus driving a unity of message. The core of the ACSC Table Top is to exercise collaborative defense, to work across different members but also to work across functions internally, meaning Legal and Communications networks will once again play essential roles.