Law enforcement agencies from the US and European countries recently took part in an international exercise to test how they would work together in the event of a large-scale cyber-attack.
Dubbed Silver Shadow, the exercise was run by the UK's National Crime Agency (NCA) and involved law enforcement officials from eight different countries including the US, Georgia, Lithuania, Bulgaria and Ukraine. Also taking part were representatives from Europol's Joint Cyber Action Taskforce (J-CAT).
The aim of the exercise was to see how investigators and prosecutors would work together in the event of a massive cyber-attack spanning many legal jurisdictions, with the goal of building an effective response to such incidents.
The exercise began on 30 November and has just recently finished. It took place at the Cabinet Office's Emergency Planning College in North Yorkshire, run by management firm Serco. The exercise took place on Serco's cyber-security training and exercise platform (cybX).
Silver Shadow followed a test event, dubbed Silver Pilot, held in October to assess and develop working relationships between UK's cyber-crime units such as the NCCU and cyber-crime units within the Regional Organised Crime Units (ROCUs), Police Scotland and the Police Service of Northern Ireland (PSNI).
Director of the NCA's National Cyber Crime Unit, Jamie Saunders, said: “Together, Silver Pilot and Silver Shadow form an important part of the NCCU's efforts to prepare the UK response – at regional, national and international levels – to the ever-changing cyber-crime threat.
“Cyber-crime is by its very nature international, with many of the criminals and the technical infrastructure they rely upon based overseas, and yet its impact is felt by real people and real businesses in communities across the UK,” added Saunders.
“This means that our response has to be capable of linking police colleagues dealing with victims at a local level with law enforcement colleagues in other countries investigating and prosecuting those who may be responsible.”
Saunders said the NCCU has put strong international partnerships at the heart of its efforts to combat the most serious cyber-crime threats to the UK.
“We have lots of learning to take away, but through this exercise we have demonstrated that, just as the criminals can work across national borders, so can law enforcement.”
Richard Preece, Serco's director of cybX, said: "It's one thing to invest in the best technology, but organisations must also invest in developing their people and test their capabilities."
Ian Glover, president of Crest, told SCMagazineUK.com that these exercises are important as companies need to gain a greater understanding of the processes for detection, containment and eradication.
“When the attack is against a sector or even a country the difficulties of coordination increase dramatically. Without this form of exercise there is little chance for organisations to liaise with each other and law enforcement agencies to understand potential problems in their approach and more importantly to know the other individuals involved and their responsibilities,” said Glover.
Glover added that raising the profile of this type of attack and openly debating what can be done better will help government, businesses and law enforcement to understand the nature of such attacks and provide a structure and purpose for improvement plans.
“The results of the test will help to justify additional resources and/or funds to be allocated from senior management and government. Senior management often struggle to imagine or contextualise these types of attack. If they live it in a controlled manner their understanding will be greatly enhanced,” he said.
Jonathan Martin, EMEA operations director at ThreatStream, told SC that attacks nowadays can be over extremely quickly. “So having highly trained security teams ready to go, with the necessary knowledge and the right tools to make the right decisions under stressful situations, means that the impact of the attack can be greatly reduced.”
He added: “Understanding the tips and techniques used by the attackers and pulling in threat intelligence from as many sources as possible ensures that the vulnerability or exposure of a company can be reduced down from many months to just minutes and hour.”
Military organisations would never dream of going into battle without legions of highly trained, highly skilled troops. “As defenders of the security realm, we need to take a similar view,” he said.
“We need to ensure that our employees are aware of the threat and how it is likely to manifest itself, what forms an attack is likely to take, and have clear and concise instructions on how to alert the security staff when they believe they have been compromised. But we also need to have the resources available to respond when a large scale attack happens (and it surely will).”
He said that too often he comes across under-staffed, over-worked security teams who spend far too long doing the (very necessary) simple, basic things and yet never step back to look at the bigger picture of what's going on at a macro level.
“We all know that the bad guys share Intelligence on how to break into a network all the time - we (as good guys) need to start doing the same, to share Intelligence between ourselves in real time about who the attackers are, where they live, what techniques they typically use. Exercises such as Silver Shadow enable us to begin to form those relationships as a first step in this ongoing fight.”
Richard Beck, head of cyber-security at QA, said, “The fact that these initiatives take place underlines how important role-play can be to help people remember what to do when it comes to the real event. In addition to testing the protocols and processes themselves, these exercises can also provide valuable feedback on individuals who are operating at the coalface of preventing cyber-security attacks. Regular testing of cyber-security strategy together with employee training is critical to ensuring your defences are as strong as possible."