Security teams wrap up anti-cyber attack drill

by Manjula FERNANDO

The leading computer security response teams in Sri Lanka completed a drill to test response capability of their systems last week in a joint cross-border action organised by the Asia Pacific Computer Emergency Response Team (APCERT) headquartered in Japan.

Titled "Advance Persistent Threats and Global Coordination", the drill this year was attended by 24 response teams in 19 Asia Pacific countries, which was conducted for five hours from 8.00 a.m. to 1.00 p.m.

"We simulated a real life attack on the Internet. During the drill, their communication, analytical and problem-solving skills were evaluated," Manager, Product Development, Janantha Marasinghe of TechCERT, the network which acted as the head of organising committee and the exercise control in the drill told the Sunday Observer .

The drill created a virtual world with a defence contractor as the target of the cyber attack.

One of the employees of this establishment, which deals with highly classified and sensitive data, receives a physhing e-mail (a mail that can steal important data in your computer). It was not detected until the company receives an anonymous call later that day saying their data has been published in a website.

The task was to identify and neutralize the threat.

The objective of the drill was to exercise incident response handling arrangements locally and internationally to mitigate the impact of Advance Persistent Threats (APT). APT involve large scale 'malicious software' propagation and attacks capable of impairing the critical infrastructure and economic activities (Banks).

"The APT advanced persistent threat is like a 'kottu' of several different attacks. It can be a combination of physhing, cross site scripting, etc, etc," Marasinghe said.

Last year there has been several major APT attacks on the Internet crippling major establishments.

These were in the EU, the US and China, etc. Sri Lanka has not experienced such attacks so far but remains vulnerable.

Both SLCERT and TechCERT the two cyber security response teams in Sri Lanka participated in the drill.

APCERT is a contact network of computer security networks in the Asia Pacific and is chaired by Japan computer emergency response team.

Marasinghe said they plan to do domestic drills like this every year with banks and other vulnerable establishments.

"We felt the Sri Lankan teams were taking more time on the analytical stuff. This is an area that needs to be improved but on the whole Sri Lanka's preparedness was comparatively good."

The countries took part in the drill were Australia, Bangladesh, People's Republic of China, Chinese Taipei, Hong Kong, India, Indonesia, Japan, Korea, Macao, Malaysia, Myanmar, Singapore, Sri Lanka, Thailand and Vietnam, Tunisia, Egypt and Pakistan.

TechCERT, a division of LK domain registry was appointed as the head of cyber security drill organising committee. It was tasked with scenario development, drill preparation co-ordination and 'artifact' development.