For over two years, Retrospect Labs has been working closely with our Australian Government colleagues at the Department of Foreign Affairs and Trade (DFAT) and Thailand’s recently established National Cyber Security Agency (NCSA). Together, we delivered a multi-phased cyber security exercise program to critical information infrastructure organisations based in Thailand. We were fortunate to receive a grant from DFAT, under their Cyber and Critical Tech Cooperation Program (CCTCP), to deliver the program in Thailand.
It was our first time delivering a series of cyber security exercises outside Australia! And, of course, the ongoing pandemic meant we needed to adapt and change our initial plans for delivery in Thailand, since travelling internationally in general was difficult. Our main goal of the program was to uplift the incident response readiness of participating organisations, so that they had the knowledge and skills to respond to a cyber security incident quickly and effectively.
We started the program by covering the fundamentals of Incident Response. This included industry accepted frameworks (like those produced by MITRE and NIST), what should be included in an Incident Response Plan, common cyber security tools, and how to manage an incident effectively (such as balancing the need to maintain operational security whilst also communicating effectively with impacted parties). As participants moved through the program, they learnt more about the skills and knowledge required to respond effectively to an incident. The program culminated in a multi-day hands-on guided exercise, where participants got to put theory into practice, through a hands-on guided cyber security exercise. From the feedback we received, we know that participants not only thoroughly enjoyed it, but that they picked up more than a few tidbits of knowledge through the program, and we were impressed by the level of involvement and dedication shown by our Thailand based colleagues who we partnered with to assist.
We were very privileged to be introduced to some of the excellent people working at the National Cyber Security Agency (NCSA) of Thailand, who were the primary organisation we engaged with in Thailand. We worked closely with the NCSA team to facilitate and organise the different sessions. Several hundred people participated in our exercise-based training program, from all seven Thai critical infrastructure sectors. We could not have achieved this without the NCSA's assistance, they acted on our behalf, approaching Thai critical infrastructure providers, encouraging them to participate in the program, and ensuring that what we were delivering was relevant, and appropriate, for the audience. It was great to see how the NCSA is approaching cyber security in Thailand, and we commend them for being forward leaning and willing to partner with us, and the Australian Government, to achieve such great outcomes!
We received amazing support from the team at DFAT - including those based in Canberra, but crucially, our supportive points of contact from the Australian Embassy in Bangkok. These hardworking diplomats are doing their very best to bring the world of cyber security to international relations, and it was a truly special experience to be able to work with such dedicated and smart DFAT officers. We relied heavily on the support and guidance DFAT was able to provide us, especially when it became impossible for us to travel! It is great to see the Australian Government's focus on cyber security extend beyond our domestic borders, especially since cyber is an international challenge for all of us. The more interconnected the world becomes, the more crucial it is that countries like Australia and Thailand step up and be regional leaders in cyber, if we are to continue to counter the ever increasing complex threats we face.
"Cyber and critical technologies present Australia, Thailand and the world with opportunities to seize and challenges to manage. I’m delighted to work with partners like Retrospect Labs and the Thai government to deliver a positive impact on the capacity and resilience of our region."
Dr Tobias Feakin, Australia’s Ambassador for Cyber Affairs and Critical Technology
That was our first step into delivering exercises internationally. Disruptions from the pandemic aside, we couldn't be happier with what we achieved in Thailand! Incident Response is an incredibly important aspect of cyber security, when an incident does inevitably happen, you need to know how to respond to it quickly and effectively. It’s also important to note that preparing for an incident is not just a once off thing, it is something that needs to happen continually. The attackers keep improving, so we as defenders need to keep training to stay ahead of them. We are proud to have delivered meaningful and realistic exercises for Thai critical infrastructure organisations, and to help them continue their journey into maintaining readiness for when cyber incidents occur.
We can't wait to continue our journey with DFAT through the CCTCP - coming up next we are delivering cyber exercises in Laos and the South Pacific. Watch this space!