17th Iteration of ASEAN CERT Incident Drill Tests CERTs’ Preparedness Against Disruptive Cyber-Attacks

ACID Exercise Controllers Conducting the Drill

The Cyber Security Agency of Singapore (CSA) organised the 17th iteration of the ASEAN Computer Emergency Response Team (CERT) Incident Drill (ACID) on 27 October 2022. This was held in conjunction with the seventh Singapore International Cyber Week (SICW), the region’s most established annual cybersecurity event.

An annual drill hosted by Singapore since 2006, ACID tests incident response procedures and strengthens cybersecurity preparedness and cooperation among CERTs in ASEAN Member States (AMS) and Dialogue Partners.

The theme of this year’s ACID is “Dealing with Disruptive Cyber-Attacks Arising from Exploitation of Vulnerabilities”. This theme was chosen in light of the log4j vulnerabilities discovered in late 2021, which presented the potential for highly disruptive cyber-attacks due to the ubiquitous presence of its service. Vulnerabilities can lead to business disruptions as threat actors exploit them for monetary gains or to support a political cause. This year’s scenario simulates an emerging triple extortion tactic employed by threat actors to extract a ransom from victim organisations.

Fifteen CERT teams from the ASEAN Member States and ASEAN Dialogue Partners participated in this year’s ACID. Participating CERTs provided positive feedback that the drill was well organised and helpful in providing incident response experience.