Spanish National Cyber Exercise

with the Financial Sector

48th TF-CSIRT meeting – 13th May 2016 – Riga

Javier Berciano

2013

New National Security Strategy

Objective: guarantee a secure use

of the networks and information

systems

National Security Strategy

Identifies risks from cyberspace as the main risks for the security of Spain

Strategy: strengthening prevention,

detection and defence capacities

against cyber-attacks

Partnership Framework Agreement

State Secretariat

for Security

Secretary of State for

Telecommunications and the

Information Society

National Centre for Critical

Infrastructure Protection National Cybersecurity Institute CERTSI + =

2012Partnership Framework Agreement in

Cybersecurity:

Impulse, coordination and supervision

of all policies and activities related to

the protection of critical infrastructures

Development of cybersecurity and of the digital

confidence of citizens, of the Spanish research and

academic network (RedIRIS) and of businesses in

strategic sectors.

A benchmark for the technical resolution of

cybersecurity incidents that affect essential services

Prevention Mitigation Response

critical

infrastructure

operators

companies

citizens

Security and Industry CERT (CERTSI)

Research and

academic network

Cyber Coordination Office

Technical coordinating body of the Ministry of the Interior

It guarantees the liaison and the technical coordination necessary for efficiently

accomplishing the tasks that the different bodies carry out in the area of

cybersecurity

CyberEx

Formats

Simulation

•Focus: test procedures and capacities

•Roles involved: managers and technicians

•Location/Size: variable

•Duration and time: one day

Role-play

•Focus: test decision making

•Roles involved: managers and senior management

•Location/Size: variable

•Duration and time: one day

Procedural

Formats

Formats

Red/Blue Team

• Focus: test defence capacities

• Roles involved: technicians

• Location/Size: variable

• Duration and time: one day

Continued attack

• Focus: test resistance to attacks

• Roles involved: all, mainly technicians

• Location/Size: variable

• Duration and time: several consecutive days

Analysis

• Focus: train technical capacities

• Roles involved: technical team

• Location/Size: variable

• Duration and time: one day

Technical

CYBEX 2012

• 5 players

• Heterogeneous, multiple sectors

• Simulation of a technical attack on perimeter services

• Evaluation of technical and organisationalcapacities

CyberEx 2013

• Heterogeneous, multiple sectors

• Simulation and a technical attack on the perimeter and WiFi

• Evaluation of technical and organisationalcapacities

• Simulation of tecnical analysisof an incident

CyberEx 2014

• 15 players

• Aimed at strategic operators.

• General simulations, operational and technical.

CyberEx 2015

• Cyberexercisefocused on strategic operators.

• An introduction to a sectoral exercise focused on business.

Evolution of CyberEx

Teams

Banks

Investment firms

18

13

2

3 Phases

Phase I: Continued attack

Phase II: Role-play

Phase III: Incident simulation Payment methods2

Insurance129 September – 19 October

Specialisation in the Financial Sector

CyberEx 2015

Phase I: Continued attack

Phase I: Continued attack

Phase I: Continued attack

Phase I: Continued attack

3 campaigns

Advertisement (only to know if people clicks everywhere)

Impersonating IT department (you must update X software, only for steal

corporate credentials)

Impersonating client/provider (document attached with macro, gather

information from system and user for exfiltration, no malicious activities or

real documents exfiltration)

Phase I: Continued attack

Phase II: Role-play

Phase III: Incident simulation

2016 unique indicators

Phase 1: Continued attack

58 controls

Phase 2: Role-play

14 controls

Phase 3: Simulation

12 controls

Organisational and technical

aspects

28 controls

18

fin

an

cia

len

titie

s

Evaluation

Report of each entity

Global report

Anonymised report

Infographic

Evaluation

Thank you!