CYBER DEFENSE GUIDE
GUIDELINES FOR THE DESIGN, PLANNING, IMPLEMENTATION AND DEVELOPMENT OF A MILITARY CYBER DEFENSE
270.
The white team is in charge of cyber exercise management, event inject management, assessment and rating of participants, communications between teams, evaluation of blue and red team reports, and user and media simulation.
271.
The green team is in charge of the design and implementation of the IT infrastructure and the management of the cyber range.
272.
The yellow team is responsible for developing and distributing cyber situational awareness (CSA).
273.
The red team is in charge of planning and implementing cyber attacks against blue teams and providing data to the yellow team for the preparation of the CSA. In cyber exercises that rate the blue teams, the cyber attacks must be balanced in such a way that each blue team receives cyber attacks that are comparable in amount, time and complexity.
274.
The blue team is the target audience. It is in charge of planning and executing the defense against the red team's cyber attacks, coordinating and cooperating with other blue teams, providing data to the yellow team for the preparation of the CSA, and preparing the technical, legal, forensic, and media reports.
275.
Small organizations that cannot afford a full-blown cyber exercise with five teams may choose a blue-red-purple model (where the purple team is responsible for encouraging and facilitating cooperation between the red and blue teams) or a purple model (where the purple team performs the functions of the red and blue teams). These models are not properly cyber exercises, since their purpose is not training but rather the analysis and assessment of the organization's cybersecurity level.
276.
Offensive-technical cyber exercises focus on training in offensive techniques against robust and dynamic defenses, on the acquisition of experiences that are not usually attained in regular work, on testing new technologies, and on talent attraction. They are developed in a cyber range, in which real networks and systems are implemented and real techniques and tools are applied, all framed in fictitious situations and scenarios based on probable real cases.
277.
Procedural cyber exercises aim to raise awareness among senior leaders and train them in decision-making; to coordinate and collaborate among agencies responsible for national cybersecurity issues and crisis management; and to validate and verify the effectiveness of cyber defense/security procedures and standards. They are conducted as debates in which members of different teams discuss optimal solutions to fictional challenges during crisis situations, with the help of a facilitator who guides the participants through one or more scenarios or cases.
278.
Awareness-raising activities address three types of audience: a high-level audience (senior leaders handling sensitive information, of interest to cyber threats), a general audience (IT systems end users) and a cyber defense-specific audience (cyber force personnel), with the purpose of alerting them to cyber threats and cyber risks and promoting responsible behavior in cyberspace.
279.
Effective awareness must consider four aspects: the message, message retention, implementation of the measures, and assessment of compliance.
280.
The message must be clear, appropriate to the target audience and easily distributed to each individual in the target audience.