2019 FIRST Regional Symposium in Nadi, Fiji

Hello, I am Takumi from Global Coordination Division.
I joined 2019 FIRST Regional Symposium – Small Island Developing States, which took place in Nadi, Fiji from the 5th through the 7th of November. Today, I am briefly sharing my experience at the event.

2019 FIRST Regional Symposium – Small Island Developing States

2019 FIRST Regional Symposium – Small Island Developing States

Organized by FIRST and supported by the Department of Foreign Affairs and Trade of Australia, this symposium aimed to give supports and networking opportunities to the personnel of emerging and developing CSIRTs in the Pacific Islands. The three-day long program consists of a workshop on cyber extortion and another workshop on critical infrastructure attack, basic and advanced CSIRT trainings, and several presentations on diverse CSIRT operations. Most participants were either personnel from national CSIRTs in the Pacific region or officials of these countries which are to launch their national CSIRTs in the near future. I joined the event to understand the current situation surrounding cyber security and CSIRTs in the region.

Plenary Sessions

On the first day of the event, there was a plenary session, where several presenters from different CSIRTs and corporations shared their experience of cyber security. These presentations covered diverse topics to reflect the ever-expanding CSIRT operations and missions these days.
For example, security engineers from the Google Sydney office presented on how to form a temporary team and appoint roles to each team member so that they can seamlessly continue to work on a large-scale incident, which they spell “Incident” with a capital “I.” The presentation also included some tips on how to communicate when handing over one’s duties to another and how to take care of the team staffs in a tiring and stressing situation.
The manager of the Communication and Engagement division at CERT NZ presented how to facilitate communications both within a CSIRT and between a CSIRT and other parties, individuals, and general public. She believes that her mission is to”help people talk/understand each other,” and her presentation covered various communication techniques such as “interpreting” between technical staffs and non-technical population, choosing the effective time and ways of communication, adjusting the quantity of information to deliver, and making a story (narrative) upon communication. It was very memorable and eye-opening for me that she avoided calling someone “user” because she regarded it as dehumanization of the person called.
Other experienced cyber security professionals presented on different topics such as digital forensics and incident response, policies and governance of cyber space, maturity assessment of CSIRTs, red team activities, and cyber security in industrial infrastructures. In this way, the plenary sessions were very informational for countries to make a blueprint of their CSIRT.

Table Top Exercise on Cyber Extortion

On the second day, there were two workshops, and I joined the table top exercise on ransomware attack case, which Mr. Adli Abdul Wahid, a Senior Internet Security Specialist at APNIC presented. The participants of this workshop were expected to act as staffs of a small ICT vendor which provides the government’s web-based services in a fictional small island nation called Kingdom of Mahi-Mahi:

One day, the company had a ransomware attack, and data of the governmental services got encrypted. The attacker asked for ransom in Bitcoins, but it is illegal for Mahi-mahian citizens to own or use Bitcoins. The ransomware said it would delete the encrypted files after 72 hours......

The participants were required to deal with this incident, responding to the attacker, the compromised user (the government), other uncompromised users (general citizens), and mass media. During the exercise, the attacker raised the ransom, newspaper reported damages way larger than the actual number, and other unexpected events happened. The workshop was realistic, exciting, and practical in that participants always needed to make decisions and act quickly in the fast-changing situations.

CSIRT Basic and Advanced Training

On the last day of the symposium, I listened to Mr. Maarten Van Horenbeeck’s CSIRT Basic Training. He started from specifying the responsibilities of common CSIRTs, distinguishing them from other cyber activities such as preventive measures like secure coding, dealing with hate speech on the Internet, and securing copyrights. The training also covered various important topics on the day zero of CSIRT, such as defining one’s constituency, deciding in which department/organization to place a CSIRT, and seeking the resource and funding for the CSIRT operations. The training was well-designed for small island countries which are planning to launch a CSIRT soon as well as those who launched one recently. Mr. Van Horenbeeck talked in very informative way, based on his wide range of knowledge and long experience in this field.

In Closing

Some countries among the Pacific islands are having their first submarine cables, and the speed of the Internet that connects these islands and the world will be upgraded literally from megabytes to gigabytes. While this change will improve people’s lives, the traffic increases rapidly, and cyber security will become a more urgent issue. JPCERT/CC would like to consider how we can contribute to this social change as a CSIRT with 20+ years of experience.

Thanks for reading.
-Takumi Nakano