//Blogs - 30 May 2019

An experience of APNIC Foundation's 3rd Regional CERT/CSIRT workshop for the Pacific.

 

I feel incomplete when I hear only one voice, and this blog is, in its form just that, one voice about an event I had the honor of being part of.   My preferred option, to make a story whole, is to take the different voices and listen other people tell the story of what happened.  This way I get a better picture of the impact and significance of an event or perhaps glimpse a pattern of directed effort.


The event was the APNIC Foundation's 3rd Regional CERT/CSIRT workshop for the Pacific and the the glimpse of the effort was APNIC Foundation's drive to impart skills, know-how, and cohesive trusted contacts, to as many Pacific nations as possible given APNIC Foundation's engagement over the past few years.  These activities supports APNIC, in building human and community capacity for Internet development in the Asia-Pacific region.

This workshop was organized by the APNIC Foundation with support from APNIC and Samoa's Ministry of Communications and Information Technology, and funding from the Cyber Cooperation Program (Australia's Department of Foreign Affairs and Trade - DFAT).

Participants of APNIC Foundation's 3rd CERT/CSIRT workshop for the Pacific


My recollection of the APNIC Foundation's 3rd Regional CERT/CSIRT workshop was from the perspective of a guest assistant speaker, bringing only a splinter of expertise from AusCERT along with its perspective of cyber security as a non-profit member-based CERT. I have been fortunate to join APNIC's Adli Wahid, a veteran of delivering these types of courses, in facilitating the workshop. 

 

Participant at one of the sessions of the 3-day workshop


And so in delivering some of the material over the three days, I did get the chance to hear the perspective of cyber security from different Pacific nations, but not just at the national constituency level, but also at the level of Financial Institutions Universities Ministries Law Enforcement and Utilities.


Every person that attended brought their own skill sets and perspectives on cyber security given to them by their opportunity and work environment.  Every Pacific nation that sent a delegate to the workshop brought their skills and perspectives, to be honed from a barrage of tools and techniques that could be fit in the time three days can offer.  Let's be clear, these delegate were not empty vessels that were filled up with skills in three days but already had a solid foundation of process and techniques. The three days just brought in new tools and shared perspective.  


This was evident, with a little coaxing, from the effective interaction on the final day's table top exercise.  The participants were split up into five distinct teams with economy wide responsibilities.  One of the first questions that I was asked was, "...is this a competitive drill?...",  where one team needs to outdo another.  Perhaps it should have been, but the purpose of this table top exercise, as is the case in solving internet borne issues,  is apply a collaborative effort to efficiently and effectively address cyber security.  At the end of the exercise, all triggers to take down malicious infrastructure were called out by various player-teams and a sense of empowerment from each team came out from the fact that each contributed a meaningful task in cleaning up the exercise's scenario.  


Each team with their set of expertise and their vision into the scenario, realised that in solving of cyber security issues, each had a very important piece of work to do in addressing the problem as a whole, and were by the end of the day, working together as one.  What filtered out as the best lesson out of the three days of the workshop, is that it is paramount to make an effort that internet connectivity be molded and protected, as a tool to bring out the best opportunity for economic growth at every level of society that the internet touches.  


It's been great to have seen APNIC Foundation's take that effort of uniting skills and collaboration across the Pacific for the third time, and it is hoped that they will be given the tools to continue this effort far into the future.  For, although I was honored to be a guest speaker for the 3rd Regional CERT/CSIRT workshop, I feel I too learned a lot from the delegates and that I'm bringing back to AusCERT able and trusted contacts that, should we see cyber security issues in the Pacific, we can all collaborate with them on making a safe, clean and reliable internet.
 

Geoffroy Thonon
Senior Information Security Analyst
AusCERT