Organisers are praising the success of a multi-nation exercise
and meanwhile in the real world, it still goes on.
Organisers are praising the success of a multi-nation exercise – hosted by the UK – that aimed to test response to serious cyber crime. Exercise Silver Shadow, which was run by the National Crime Agency (NCA)’s National Cyber Crime Unit (NCCU), funded by the Foreign and Commonwealth Office and supported by the Home Office, saw …
Yes - these exercises are always a success for two reasons:
(1) so the "bad guys" aren't told that the defences are useless and that there is much opportunity to attack, and
(2) the government which has poured lots and lots of money into are assured that their "investment" is paying off.
I thought the summary from the NCA gentleman was very good - he essentially admitted that there were problems and they wanted to address them.
But point taken - yes, in the real world crims don't read the script, so they always forget their parts.
I don't know whether the scenario has much effect on the exercise but if it does then this seems to follow a traditional military strategy planning pattern: fighting the last war or the war before that. Even a scenario modelled on Sony would have been more recent than that chosen but the current attack-de-jour seems to be DDOS.
"The event platform was a specialist Serco service"
Serco? They can't even maintain the ScotRail sleeper trains to a safe standard. WTF chance have they got of knowing anything about computer hacking? A company who finds it impossible to provide hot water, working toilets, working lighting, safe brakes or round wheels on their trains