Sponsored By

Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Q&A: Lessons Learned From the Middle East's National Cyber Drills

Suleyman Ozarslan, co-founder of Picus Security, discusses critical-infrastructure cyber drills in the region, who runs them, and what happens to the results.

Hands on keyboards
Source: Cultura Creative RF via Alamy Stock Photo

Some 170 organizations were tested by Qatar's National Cyber Security Agency in its National Cyber Drill exercises last month.

Such drills are an established part of cyber-resilience in the Middle East. Ethical hacker Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, who has been involved in cyber drills elsewhere in the region, talked to Dark Reading about how they work.

Suleyman Ozarslan

Dark Reading: What kind of entities participate in these simulations?

Suleyman Ozarslan: Entities participating are typically from critical infrastructure sectors, including government, energy, finance, utilities, telecommunications, transportation, and healthcare. For example, NATO's Locked Shields often includes energy firms and tech companies, and US Cyber Storm exercises involve a variety of critical sector companies.

DR: Is participation mandatory for companies, or can they choose not to participate?

Ozarslan: Participation is generally voluntary, but governments may strongly encourage involvement, especially for entities in critical infrastructure sectors. Some key industry players may be compelled to participate due to regulatory requirements. Companies may opt out for reasons such as concerns about exposing vulnerabilities, resource limitations, or competitive reasons, although this could mean missing out on valuable insights and improvements to their cybersecurity readiness.

DR: What do the exercises entail?

Ozarslan: The exercises in these simulations can vary widely but usually involve responding to simulated cyberattacks. These scenarios can include managing a data breach or a ransomware attack, defending against complex, coordinated attacks on critical systems, or recovering from them. For example, Financial Sector Cyber Drill in Turkey included a live-fire ransomware attack simulation involving real-time threat response.

DR: Who typically organizes the drills?

Ozarslan: These simulations are typically organized by national or international government entities. For example, Cyber Guard is part of the US Cyber Command's training program, and ENISA is responsible for Cyber Europe. These organizations collaborate with participating sectors and sometimes involve third-party cybersecurity experts or simulation platforms to create the exercise scenarios.

DR: What happens with the results?

Ozarslan: The results of these simulations are compiled into detailed assessments that highlight successes, failures, and areas for improvement. These results are used to refine strategies, improve policies, and guide cybersecurity investments. Information is usually shared among participants to enhance their individual and collective readiness, but confidential details are kept private.

DR: Is there a concern about failing in these simulations?

Ozarslan: Yes, participants are concerned about failing in these simulations due to the potential for damage to their reputation and the risk of adversaries discovering and exploiting weaknesses. To address this, detailed results of the simulations are rarely made public. The goal of these simulations is not to pass or fail, but to identify weaknesses in a low-risk environment and use that information to enhance overall security. Ensuring confidentiality helps participants feel more comfortable with the process and reduces the fear of negative consequences associated with any shortcomings identified during the simulations.

About the Author(s)

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights