Back in 2017 when the Cyber Cooperation Program (CCP) of the Australian Department of Foreign Affairs and Trade (DFAT) announced that it was accepting applications for cybersecurity activities in the Pacific, the APNIC Foundation’s submission focused on a cost-effective approach that would benefit the region as a whole through capacity and relationship building.
The Foundation proposed to use the funding to bring security expertise into the region in a series of workshops. The theme for the workshops would be cybersecurity and incident response — quite a timely topic since Tonga had recently established its national CERT, and other economies were starting to develop their own, or were otherwise expressing interest in developing their security capabilities.
Through this regional activity model, attendees from Pacific economies could meet a number of times to develop skills in the security and incident response areas and establish relationships that would assist them in sharing knowledge and responding to incidents in the future. Guided by close community consultation, it was agreed this model would be an effective way of providing value to many economies, in terms of planning for their own security response efforts, as well as enabling attendees to spread their knowledge and promote security awareness to various communities in their home economies.
The APNIC Foundation was successful in receiving a CCP grant and started organizing a three-part workshop series as well as support via regular consultations online. The first workshop was planned for Tonga, followed by New Caledonia (at APNIC 46), then Samoa.
The first two events ran successfully, with CERT and security teams from Vanuatu, PNG and Solomon Islands attending and developing their skills together. The same core set of people were invited to each workshop, to provide continuity and progression, but for the third workshop, we were happy to be able to extend invitations to attendees from Tuvalu, Kiribati, and an expanded contingent from the host economy, Samoa.
The final workshop in Samoa was supported by the Samoan Ministry of Communications and Information Technology (MCIT). It was opened by the MCIT’s Associate Minister and Australia’s Deputy High Commissioner. It was attended by 32 representatives from 7 economies, including 14 women. Attendees came from a range of areas including national CERTs, systems and security administration, and management or policy-focused roles.
The workshop began by talking about establishing and running a security program — including current best practices. We also examined several case studies based on real-world scenarios to understand how those best practices fit together.
We then moved on to some practical exercises, based upon requests from the previous workshops. We looked at performing memory forensics using the Volatility framework, then moved on to network analysis using Zeek and Suricata. We also looked at some other tools to assist with incident response, and held a PGP signing session.
On the last day, we organized a tabletop exercise simulating a phishing attack during a major event in the region. Participants were split into five national CERTs (Vanuatu, Tonga, Kiribati, Solomon Islands and Samoa) and had to analyse artefacts and perform incident coordination/response.
The tabletop exercise was designed for the teams to learn not only how to investigate an incident but how to coordinate security investigations between response teams, and how to communicate with the general public and other stakeholders. As Geoff noted in his blog post, each team “had a very important piece of work to do in addressing the problem as a whole, and by the end of the day were working together as one.” We emphasized the real-world nature of the scenario by even having the teams make video calls to each other to share information and discuss updates, as they would in a real response situation.
In addition to these training activities, attendees also had an opportunity to share information:
- Mitchell Tutangata (Cook Islands) talked about the Cyber Safety Pasifika program, where he is a trainer.
- Kensly Joses (Vanuatu) shared some updates on recent CERT VU activities.
- Suetena Loia Faauutala (Samoa) presented about Keybase.io, a chat app that uses PGP.
MCIT CEO Talatalaga Mata’u was present at the closing session to present certificates to the participants.
Overall, the workshop was a success and generated a lot of discussion among the attendees, who we hope will continue to build on the skills they have learned and the relationships they have developed in these workshops.
This workshop was organized by the APNIC Foundation with support from APNIC and Samoa’s Ministry of Communications and Information Technology, and funding from the Cyber Cooperation Program (Australia’s Department of Foreign Affairs and Trade).