11 Oct 2021
The 16th iteration of the ASEAN Computer Emergency Response Team (CERT) Incident Drill (ACID) was organised by the Cyber Security Agency of Singapore (CSA) on 5 October 2021. This year, the event was held in conjunction with the opening of the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) and the sixth Singapore International Cyber Week.
Hosted by Singapore since 2006, ACID is an annual exercise that aims to strengthen the cybersecurity preparedness and cooperation between CERTs in ASEAN Member States (AMS) and Dialogue Partners. Speaking at the opening of ASCCE, Mr David Koh, Chief Executive of CSA said, “One of ASCCE’s principal functions is providing capacity building for Computer Emergency Response Teams (CERTs), focusing on CERT-related skills as well as the exchange of cyber threat and attack-related information and best practices. ACID is a testimony to the robust CERT-to-CERT cooperation that we have established as a region.”
Mr David Koh, Chief Executive of CSA, and Mr Dan Yock Hau, Assistant Chief Executive of CSA (in the background), observing the progress of CERT teams during the drill.
This year's theme is “Responding to Supply Chain Attacks Against Businesses”. It was selected in view of several high-profile supply chain attacks such as the SolarWinds breach in December 2020 and the more recent Kaseya breach in July this year. Supply chain attacks can be extremely difficult to detect as it exploits vulnerabilities in the supply chain network to leverage on privileged network access between the vendor and their clients. This year’s scenario simulates a supply chain attack that originated from a compromised vendor’s software which thereafter resulted in a ransomware incident involving the client organisation’s system.
Mr Benedict Chong, one of the high controllers, broadcasting injects to CERT teams.
Fifteen CERT teams from the ASEAN Member States and ASEAN Dialogue Partners participated in this year’s ACID. Participating CERTs provided positive feedback that the exercise was well designed, and provided a good understanding of different techniques employed by threat actors in a supply chain attack. It was also an opportunity to learn about relevant mitigation measures that can be incorporated into an incident response plan for such attacks.