The exercise overview

Cyber Resilience Helsinki is an extremely effective and engaging pre-set exercise that aims to bring together Estonian and Finnish private and public organizations working with large-scale IT systems to exercise together in a large-scale cyber incident.

The main goal of the exercise is to give the participants defensive training experience with IT systems under intense cyber-attacks. The main mission of the Blue Teams is to defend and protect their IT infrastructure against real-time attacks from Red Teams while maintaining the required availability of IT services. All of this happens in a competitive environment, as the participating teams compete against each other to come out on top.

Threat Hunting is a task-driven live-fire exercise with a focus on response and investigation activities. The exercise is designed for practicing response to a cyber crisis according to a pre-defined scenario. The scenario background is designed to be wider than is usual for technical exercises.

Threat hunting exercises are carried out in a Blue vs Red setup where the Blue Teams must monitor the environment to detect Red Team attacks and perform post-attack investigations of Red Team activities. There is no focus on system hardening and other general defensive tasks.

There will be friendly competition between Blue Teams – points are awarded for solving incidents by providing relevant details about attacks. Additional bonus points can be gained from cooperation initiatives among Blue Teams, mostly related to sharing helpful information via MISP.

Objectives

The goal of the exercise is to improve the participants' skills in the following areas:

  • Detection and Prevention of attacks 
  • Network & system monitoring 
  • Situational awareness and control 
  • Handling cyber incidents 
  • Teamwork: delegation, dividing and assigning roles, leadership

The exercise has the following learning objectives:

  • Fostering cooperation between various actors in cyber defence at the organizational level
  • Rehearsing specific defensive measures in case of an attack against a particular field or combination of fields
  • Live reaction, planning of defence and enhancement of the environment
  • Monitoring and analysis of attacks
  • Generalization and synthesis of information on the attacks, in particular from the point of view of validating appropriate defence plans and scenarios
  • Discovery and understanding of sophisticated attack patterns and vectors against the targets
  • Stress-handling and decision-making when faced with multiple bad choices

Technical environment

The Gamenet represents a typical IT organisation (infrastructure company) and consists of about 40 different virtual machines that are under the full control and management of the defending Blue Teams. Besides regular business IT systems, the Gamenet includes a very simple, fully virtualized Power Generation and Distribution system with a Control Centre. The Gamenet comprises the following network segments:

  • Demilitarized Zone (DMZ) – DMZ hosts the internet-facing, publicly available services of the Blue Team.
  • Internal Office Segment (INT) – INT, or the internal office network, hosts Blue Team internal services and end-user workstations.
  • Security and Monitoring Segment (SEC) – SEC hosts various security tools that the Blue Teams can use for monitoring purposes.
  • WiFi Segment (WiFi) – This network segment should be considered a guest WiFi network. Hosts inside the WiFi network are not under Blue Team management.
  • Critical Infrastructure Control Center (CI) – This network segment hosts the Energy Company's control room systems that are used to manage the energy distribution network.
  • Cloud Zone – The cloud zone hosts one customer website that is managed by the Blue Team and also one test virtual machine.

Target audience

The target audience for the exercise is technical personnel involved in technical IT security and cyber defence. The aim is to take the Blue Teams out of their comfort zone and challenge them to deal with an unknown environment. Each Blue Team should have between 4 and 6 members covering different roles and responsibilities.

Evaluation of participants

CybExer has developed a situational awareness and participant scoring software (ISA) that provides real-time visualisation and comparison of exercise data. The scoring of the Blue Teams’ performance is displayed live as the exercise progresses, detailing the status of each team, team scores with score breakdown, exercise timeline, and individual scores. Such scoring contributes enormously to the overall training experience, enhances later analysis, and improves the general observability of the exercise. 

Registration

  • Venue: Estonian Business School Helsinki (Mechelininkatu 3C, 00100 Helsinki, Finland)
  • Date: May 4-5, 2023
  • Cost: 8,000.00 EUR + VAT for one Blue Team (4-8 participants).
  • Ask for Individual Seats in the shared Blue Teams!
  • Registration for exercise: sales@cybexer.com
  • Contact: atro.ranta-aho@cybexer.com

Agenda

Day 1 (4th of May)

  • 09:00 – 10:30 Preparatory Training
    • Verifying access to Cyber Range Platform tools – visualization & scoring system, documentation, reporting & task submission, green team ticketing system, virtual machine access
  • 10:30 – 12:00 Gamenet familiarization & team setup
  • 12:00 – 13:00 Lunch
  • 13:00 – STARTEX of the exercise
    • Exercise starts. Blue Teams must monitor the environment to detect Red Team attacks and perform post-attack investigations of Red Team activities. There is no focus on system hardening and other general defensive tasks.
  • 16:30 Deadline for Blue Team Situation Report I (SITREP I)
  • 17:00 End of day 1

Day 2 (5th of May)

  • 09:00 – Threat Hunting Exercise
    • Exercise continues.
  • 12:00 Deadline for Blue Team Situation Report II (SITREP II)
  • 12:00 – 13:00 Lunch
  • 13:00 – Threat Hunting Exercise
    • Exercise continues.
  • 15:30 Deadline for Blue Team Situation Report III (SITREP III)
  • 16:00 – 17:00 Hotwash Session
    • White Team feedback to Blue Teams
    • Red Team campaign overview
    • Award ceremony
  • 17:00 – End of day

Cyber exercise with proven track record

The first cyber resilience exercise, Cyber CoRe, took place in Estonia in March 2019, with teams from both the government sector and the private sector participating in a tough and heated 3-day live-fire cyber security exercise. The international teams were defending their gamenets against Red Team attacks.
