In October 2021, the Instituto Vegetius participated in one of the largest cyber defense exercises in the world!
Cyber Guardian is the largest cyber defense exercise in the Southern Hemisphere. Through simulated cyber-attacks based on the most current topics in cyberspace, participating organizations have the opportunity to train their teams in the areas of information technology, social communication, legal and senior management, who present solutions for the events presented. The objective is to find answers and propose action plans at the decision-making-management (crisis management) and technical (incident response) levels, integrating participants and intensifying collaborative action.
The Simulation
The simulation is based on a scenario that, although fictitious, is quite realistic where different types of attacks are carried out, allowing the complete immersion of the participants, who need to make real-time decisions to defend their critical infrastructures.
Previous editions
The first edition of the exercise, held in 2018, covered only the financial and nuclear sectors, bringing together 23 organizations and 115 participants. The second edition, in 2019, had 40 organizations and more than 200 participants. EGC3.0, held only from October 5th to 7th, 2021 due to the pandemic, had 350 participants from 65 organizations that were involved in the simulation of attacks on critical infrastructures in defense, water, energy, telecommunications, finance, transport and nuclear.
The exercise aims to integrate different teams from the public and private sector in the protection of critical structures. The premise of the exercise is not “if” but “when” a cyberattack will occur.
How was our participation?
The Vegetius Institute participated through a Cooperation Agreement with the Cyber Defense Command (ComDCiber) in the following activities:
· EGC Planning
Scenario Improvement
o Preparatory Workshops
o Research and study of cyber incidents, their repercussions and developments at the international level, and elaboration of realistic cybernetic scenarios contemplating characteristics of incidents based on recent vulnerabilities.
· Execution of the EGC
o Participation in sectoral thematic meetings, fostering debates and presenting possible points of view adopted by other countries in their cyber threat mitigation strategies.
· Lessons Learned from EGC 3.0
o Carrying out qualitative and quantitative post-exercise analyzes and studies, based on data collected during the exercise.
o Collection and formatting of lessons learned.
o Proposition of improvements for subsequent years.
o Proposing improvements to the processes and institutional framework aimed at national cybersecurity and cyberdefense, seeking to maximize the effects of the exercise and the cyber resilience of the country's main strategic sectors.