On January 24-25, a conference and exercise on security operations “SecOps Europe 2018” is held in Budapest. SecOps Europe 2018 (https://secops-europe.com) is an international conference on Security Operations featuring cyber security exercises. Besides a Table Top Exercise for decision makers, a Red Team – Blue Team technical exercise on a cyber range was organized for invited Blue Teams. The invited Blue Teams were:
- Computer Security Incident Response Team Slovakia – CSIRT.SK (https://www.csirt.gov.sk)
- Czech National Cyber and Information Security Agency – NCISA (https://www.govcert.cz)
- NASK National Cybersecurity Center Poland (https://www.govcert.cz)
- Unicom Telecom Serbia (http://unicom-systems.net/home/unicert)
Unicom Telecom, security services provider with its UniCERT team (despite its role as commercial company not national CERT) represented Serbia in this exercise.
The organizers provided a very detailed and deeply planned exercise scenario. The goal of the Blue Teams was to respond to the incidents in each environment which represented a power company network in a small scale. Different types of incidents happened and the Blue Teams had a responsibility to find the relevant artifacts, provide forensic analysis and to respond in timely manner. A real-time dashboard,
which was publicly accessible on the internet and on screens on the venue, provided an insight on the teams progresses.
The UniCERT team was the only team which found all the artifacts and resolved all the incidents. The UniCERT, regarding the scoring system finished on the 3rd place. It was a great experience for the team to challenge our experience on an international level.