As part of its Conflict, Stability and Security framework, the Foreign, Commonwealth and Development Office (FCDO) wanted to run a series of cyber exercises in order to build relationships with partner nations and enhance cyber resilience within a strategic geography.
In partnership with defence and security think tank RUSI and exercise platform partner Immersive Labs, we delivered 8 virtual Cyber Tabletop Exercises with a total of 37 participant nations. This included 6 bilateral exercises with individual nations – including Sri Lanka, Colombia, Malaysia, Japan and Indonesia – with the goal being to develop and encourage collaboration between the different nations taking part in the sessions.
Each of the exercises was developed to be bespoke to the partner nation’s requirements, and realistic to the threats affecting that nation and its industries and ecosystems. These included financial heist attacks against financial ecosystems, ransomware attacks against Critical National Infrastructure, and persistent espionage attacks against a government’s defence ministry. In each of the bilateral exercises, we worked directly with the engaged nations and their nominated teams to understand how their incident response capabilities could most benefit from the exercise.
To make the exercises even more engaging, Immersive Labs’ specialist platform Crisis Sim provided a gamified experience. The platform brings cyber crises to life and enables participation by groups of various sizes, and it provides a scoring system and discussion capacity for measurement, monitoring and evaluation. Using Crisis Sim, we developed a topical and geographically relevant cyber exercise, engaging with the nation and its relevant teams in order to create a plausible and bespoke exercise scenario which could be built into and delivered via Immersive Labs.
Using our threat intelligence to build the story
For each of the exercises delivered in this project, we were able to leverage the wealth of our in-house Threat Intelligence capability and expertise from our mature TI service and its expert analysts to make the exercises as true to life as possible. Using our deep and technical understanding of real-world sophisticated cyber threat actors and their Tactics, Techniques, and Procedures (TTPs), we were able to make each of the exercises an engaging and informative learning experience for all the participants.
Each of the bilateral cyber exercises, delivered directly to each engaged nation and its participating industries and organisations, involved scenarios that reflected widespread, real-world incidents affecting the following sectors and industries:
- An attack on a nation’s financial ecosystem – using intelligence from our reporting on attacks against the financial sector, including the 2016 Bangladesh Bank heist during which close to US$81 million was criminally transferred.
- An attack on a nation’s defence sector – building on our TI service’s ongoing tracking of sophisticated state-sponsored groups and their targeting of defence and government organisations.
- An attack on a nation’s energy sector – reflecting ransomware attacks against critical national infrastructure industries, such as the 2021 attack against the Colonial Pipeline.
- An attack against a strategically important public event – using our ex-policing and national security experts to inform a scenario built on a cyber-enabled event crisis.
The multi-organisational exercises delivered as part of this project also encouraged and demonstrated the importance of collaboration between the nations and their incident response teams during an international incident. This supported the participating CSIRTs and CERTs in sharing intelligence and collaborating in the future during potentially widespread incidents.
Handling a national incident
Through this project, which was led by my colleague Miriam Howe, we were able to support the FCDO in testing and improving the incident response capabilities of many nations strategically important to the UK. In doing so, we helped 37 nations identify areas of improvement for their crisis management and incident response processes, including through:
- Providing the participants with practice in investigating and handling a realistic, simulated national-level cyber incident.
- Improving the communications channels between critical organisations during a widespread, national incident.
- Promoting the professionalism of both UK FCDO and BAE Systems as responsible cyber actors.
Following the successful delivery of these exercises, and others like them, the FCDO is looking to prepare and run more exercises in the coming months and years to further support its objective of enhancing cyber resilience through cross-nation collaboration and information sharing.
Speaking about the session, Rob Gordon – Head of the CSSF Global Cyber Programme – said: “The objectives of the FCDO CSSF Cyber Portfolio are derived from the UK National Cyber Strategy. In particular, Pillar 4 – ‘Advancing UK global leadership and influence for a more secure, prosperous and open international order’.
“The focus of our project with BAE Systems and RUSI was to help raise awareness of cyber security threats, build resilience to cyber attacks and promote trusted and secure technology. The post-COVID lockdown world has demonstrated that Critical National Infrastructure, from healthcare systems to national power grids, will have an even greater reliance on cyberspace in the future. Providing exercises of this nature, tailored to local priorities and needs, will be important in helping build this resilience across the world – especially with regards to such critical systems.
“The agile nature of both the design and delivery of the exercises enabled the project to tailor exercises to particular sectors, organisations and specific local needs, including delivery in local languages. The project proved adaptable by delivering in different regions such as Asia, the Indo-Pacific and South America. It also was utilised in a multi-lateral environment to deliver exercises that reached and benefited multiple countries working jointly together.”
Ultimately, the project highlighted how important it is for teams from different countries, governments and sectors to work together in response to cyber attacks. In today’s threat landscape, clear crisis response mechanisms and communication strategies between nations are vital for responding to cyber threats and building resilience.
Understanding the evolving threat landscape is a key part of maintaining robust defences. BAE Systems' Threat Intelligence team generate original insights through research and collaboration with customers and partners.
We believe that strong digital defences come from security of both the Enterprise and the Nation.