CY4GATE – Cyber Threat Hunting

Over the past years and months, the world has seen ransomware attacks with serious consequences targeting not only large companies but entire countries. In May 2022, Costa Rica declared a national emergency amid a series of attacks affecting nearly 30 public institutions and services, including tax collection, social security and customs. Is such a shift in scale becoming the new norm, and what is the reason for these escalations? How can the EU support partner countries through cyber capacity-building initiatives?

A ransomware attack against a country requires knowledge, skills and intelligence, which are usually possessed by operators with government background. This is a game with a lot at stake for both parties – the victim nation will do everything it can to catch the attackers, but if it fails, confidentiality, integrity, and availability are at risk. In the panel discussion, we will explore the possible motivation of attackers operating in the LAC region and address the options for nations to build resilience. The panellists will explain how the EU-funded Cyber Capacity Building projects and International Counter Ransomware Initiative can help countries to better combat cyberattacks and protect their digital societies.

Organized and moderated by EU CyberNet, the one-hour panel consists of cyber security specialists from Latin America, North America and Europe, who lift the lid on state-sponsored ransomware attacks and coordinated CCB potential.

In the past, most cyber conflict research relied on individual case studies of prominent incidents. While well-documented, a predominant focus on these outliers limits the public understanding of the overall threat landscape. Covering more than 1,800 effect-generating cyber operations reaching back to the year 2000, the European Repository of Cyber Incidents (EuRepoC) is seeking to narrow this data gap.

Evaluating more than 60 indicators to document the life cycle of cyber operations and the state responses they evoke, EuRepoC regularly contends with challenges involved in the systematic, continuous, and comprehensive classification of cyber incidents, especially posed by open-source reporting. Based on practical examples, the workshop will guide participants through an evaluation of the attack chain and strategic drivers of operations, questions of political responsibility, and efforts to impose costs on threat actors. Workshop discussions will provide a platform for sharing techniques to assess the impact of different cyber operations in light of incomplete and evolving public information.

Quick communication is essential in a cyber crisis. It can be incredibly difficult to achieve this at the national level where roles and responsibilities for crisis coordination are often split between government agencies, private sector operators and military bodies. The war in Ukraine has demonstrated that resilience and defence can be achieved when civil and commercial actors are seen as partners, which requires trust and understanding.

This workshop will explore how nations can embrace and enhance cyber exercises to build trust between key stakeholders in cyber defence and national security. This will involve exploring the barriers to effective responses to cyber crises. The first section of the workshop will pilot a strategic-level table-top exercise that allows participants to play out an unfolding cyber crisis scenario and invites them to test their decision-making skills and resource allocation to mitigate a cyber threat successfully. Invited experts will then offer insights on building a trusted ecosystem of actors for national cyber defence, followed by all participants having an opportunity to weigh in on national trust-building.

The workshop is open to all CyCon participants but we advise that registrants have some existing knowledge of or active interest in cyber exercises and national cyber crisis coordination.

Previous workshops in this series have focused on cyber exercises across NATO:
CyCon 2022 workshop summary report NATO Cyberspace Exercises: Moving Ahead
CyCon 2021 workshop summary report Cyber Exercises: A Vision for NATO and interim paper Trust in Cyber Exercises: A Vision for NATO

Please note that anonymized notes will be taken throughout the workshop and may be used to inform future workshops, game design and publications. The game as developed will be available to participants and for use in the future.

How do you reach your audience with cybersecurity training? Designing practical and engaging training is challenging, but instead of death by powerpoint, flying chalk, or endless lectures, how about trying to gamify your training? A well-designed training exercise or game offers a hands on experience for the participant which engages the learner in a more active learning process. This in turn leads to better retention of lessons learned and application of the skills outside of the training context.

Participants will get the opportunity to design their first game-based learning exercise and leave the workshop with their own game prototype.

This workshop is open to all CyCon attendees no matter their experience with games or exercises.