[ISN] Aussies chair Asian wargames

From: InfoSec News (alerts@private)
Date: Mon Jan 15 2007 - 23:29:55 PST


By Michael Crawford 

The Asia Pacific Computer Emergency Response Team (APCERT) completed its 
third annual test drill last month with the Australian Computer 
Emergency Response Team (AusCERT) acting as chair of the event and 
working group.

Around 15 computer security incident response teams (CSIRT) from China, 
Brunei, India, Japan, Korea, Malaysia, Singapore, Thailand, Taipei, Hong 
Kong and Vietnam participated in the war game held on December 19, with 
the objective of testing existing incident response locally and 
internationally to Internet-based attacks.

The scenario involved a situation where Web sites were infecting 
computers with malicious code to create a global DDoS (distributed 
denial-of-service) attack directed at e-commerce sites. Participants 
were required to share information regarding incidents, and detect or 
shut down systems hosting malware or launching DDoS attacks. In some 
countries major Internet Service Providers (ISPs) and law enforcement 
agencies were involved in the drill.

Graham Ingram, chair of APCERT and director of AusCERT, said the drill 
is designed to review and improve procedures.

"The drill is important for us to have a chance to share the common 
experience on cross-border incident handling and helps us refine and 
test the points of contacts and procedures we have established to share 
and respond to active Internet attacks in progress," Ingram said.

"The reality is that APCERT members are already very active in helping 
each other respond to Internet attacks within our respective economies, 
hence drills like this help us improve our procedures and ensure that we 
are prepared to help each other as best we can."

Husin Jazri, director of the Malaysia Cyber Security Agency (MCSA) said 
the drill reinforces collaboration among participating countries.

"The exercise illustrates the criticality in having immediate access to 
an effective contact point beyond physical borders across time domains," 
Jazri said.

"Infrastructure attacks can be mitigated given the speed and competency 
in dissecting and analyzing evidence and informed decisions can be made 
in a short time period."

The Korea Information Security Agency developed the drill scenario and 
initiated the drill. Mr Woo-Han Kim, head of the Korea Information 
Security Agency (krCERT/CC) said it was designed for international cert 

"The drill is basically intended as a cross-border incident handling 
scheme," Mr Woo-Han Kim said.

"The practical handling needs close cooperation, seamless communication 
and effective decision making between CSIRTs and ISPs in each economy."

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Mon Jan 15 2007 - 23:33:01 PST