Published on 17 Oct 2024
The Cyber Security Agency of Singapore (CSA) organised the 19th iteration of the ASEAN CERT Incident Drill (ACID) held on 15 and 16 October 2024. This was held in conjunction with the Singapore International Cyber Week 2024, Asia-Pacific’s most established cybersecurity event.
An annual drill hosted by Singapore since 2006, ACID tests incident response procedures and strengthens cybersecurity preparedness and cooperation among CERTs in ASEAN Member States and ASEAN Dialogue Partners. This year’s ACID is held in a hybrid format with the Singapore CERT (SingCERT) stationed at the newly launched ASEAN Regional CERT located at the ASEAN-Singapore Cybersecurity Centre of Excellence.
Themed “Navigating the Rise of AI-Enabled Cyber Attacks”, this year’s ACID was chosen against the backdrop of the multifaceted application of Artificial Intelligence (AI) technology for attack and defence. The threat of AI-powered cyber-attacks is escalating, as malicious actors increasingly leverage AI to assess targets and develop techniques to evade detection mechanisms, compromising organisational security. Through email injects, this year’s drill simulates similar tactics employed by threat actors, such as the use of AI to develop malware and AI-generated phishing messages.
This year’s ACID includes a Tabletop Exercise (TTX) developed and moderated by SingCERT. In the TTX, scenario injects were provided for participants to discuss how they would respond to them, giving participating CERTs the opportunity to share information on their incident response processes, best practices to identify areas for further improvement and enhance their operations planning capabilities.
The 19 CERTs that participated in this year’s ACID provided feedback that the drill and TTX enhanced participants’ capabilities and exposed their teams to new incident response scenarios and analysis techniques. Participants also feedbacked that the drill and TTX highlighted the threats posed by emerging technologies such as Artificial Intelligence, allowing the teams to practice responding to a diverse range of relevant scenarios.