Some 170 organizations were tested by Qatar's National Cyber Security Agency in its National Cyber Drill exercises last month.
Such drills are an established part of cyber-resilience in the Middle East.
Ethical hacker Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, who has been involved in cyber drills elsewhere in the region, talked to Dark Reading about how they work.
Suleyman Ozarslan: Entities participating are typically from critical infrastructure sectors, including government, energy, finance, utilities, telecommunications, transportation, and healthcare.
NATO's Locked Shields often includes energy firms and tech companies, and US Cyber Storm exercises involve a variety of critical sector companies.
Ozarslan: Participation is generally voluntary, but governments may strongly encourage involvement, especially for entities in critical infrastructure sectors.
Some key industry players may be compelled to participate due to regulatory requirements.
Companies may opt out for reasons such as concerns about exposing vulnerabilities, resource limitations, or competitive reasons, although this could mean missing out on valuable insights and improvements to their cybersecurity readiness.
Ozarslan: The exercises in these simulations can vary widely but usually involve responding to simulated cyberattacks.
These scenarios can include managing a data breach or a ransomware attack, defending against complex, coordinated attacks on critical systems, or recovering from them.
Financial Sector Cyber Drill in Turkey included a live-fire ransomware attack simulation involving real-time threat response.
Ozarslan: These simulations are typically organized by national or international government entities.
Cyber Guard is part of the US Cyber Command's training program, and ENISA is responsible for Cyber Europe.
These organizations collaborate with participating sectors and sometimes involve third-party cybersecurity experts or simulation platforms to create the exercise scenarios.
Ozarslan: The results of these simulations are compiled into detailed assessments that highlight successes, failures, and areas for improvement.
Information is usually shared among participants to enhance their individual and collective readiness, but confidential details are kept private.
Ozarslan: Yes, participants are concerned about failing in these simulations due to the potential for damage to their reputation and the risk of adversaries discovering and exploiting weaknesses.
To address this, detailed results of the simulations are rarely made public.
The goal of these simulations is not to pass or fail, but to identify weaknesses in a low-risk environment and use that information to enhance overall security.
Ensuring confidentiality helps participants feel more comfortable with the process and reduces the fear of negative consequences associated with any shortcomings identified during the simulations.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 05 Dec 2023 18:55:22 +0000