By Michael Crawford
The Asia Pacific Computer Emergency Response Team (APCERT) completed its
third annual test drill last month with the Australian Computer
Emergency Response Team (AusCERT) acting as chair of the event and
Around 15 computer security incident response teams (CSIRT) from China,
Brunei, India, Japan, Korea, Malaysia, Singapore, Thailand, Taipei, Hong
Kong and Vietnam participated in the war game held on December 19, with
the objective of testing existing incident response locally and
internationally to Internet-based attacks.
The scenario involved a situation where Web sites were infecting
computers with malicious code to create a global DDoS (distributed
denial-of-service) attack directed at e-commerce sites. Participants
were required to share information regarding incidents, and detect or
shut down systems hosting malware or launching DDoS attacks. In some
countries major Internet Service Providers (ISPs) and law enforcement
agencies were involved in the drill.
Graham Ingram, chair of APCERT and director of AusCERT, said the drill
is designed to review and improve procedures.
"The drill is important for us to have a chance to share the common
experience on cross-border incident handling and helps us refine and
test the points of contacts and procedures we have established to share
and respond to active Internet attacks in progress," Ingram said.
"The reality is that APCERT members are already very active in helping
each other respond to Internet attacks within our respective economies,
hence drills like this help us improve our procedures and ensure that we
are prepared to help each other as best we can."
Husin Jazri, director of the Malaysia Cyber Security Agency (MCSA) said
the drill reinforces collaboration among participating countries.
"The exercise illustrates the criticality in having immediate access to
an effective contact point beyond physical borders across time domains,"
"Infrastructure attacks can be mitigated given the speed and competency
in dissecting and analyzing evidence and informed decisions can be made
in a short time period."
The Korea Information Security Agency developed the drill scenario and
initiated the drill. Mr Woo-Han Kim, head of the Korea Information
Security Agency (krCERT/CC) said it was designed for international cert
"The drill is basically intended as a cross-border incident handling
scheme," Mr Woo-Han Kim said.
"The practical handling needs close cooperation, seamless communication
and effective decision making between CSIRTs and ISPs in each economy."
Subscribe to InfoSec News