"The whole sector was able to experience again the need to work together in the event of a cyber crisis. That is why this kind of exercise remains of great value."
Record number of organisations participate in cyber crisis exercise OZON 2023
This time, the biennial exercise consists of an insider threat scenario where employees from one's own organisation also work for a criminal actor. Previous editions of OZON have included scenarios involving ransomware, ethical hackers and a state actor.
Realistic scenario
"This year, a record number of people participated and in this edition, too, we were quite challenged with this realistic scenario," said Jet de Ranitz, SURF CEO and chair of the board of directors.
Construction
On Thursday 23 March, the crisis drill starts at 9.30 am. A few people from each participating organisation are in the loop; most staff know nothing. The central scenario is shaped by SURF, and institutions can vary on this to fit their own exercise objectives as much as possible. During the day, the pressure on the participants keeps increasing, until 4pm when the first day ends. On Friday 24 March, the criminal associates are unmasked, the crisis builds and there is room for reflection. In the weeks that follow, SURF, together with participants, evaluates the exercise and incorporates lessons learned, learning points and feedback into a report.
Creation
For the fourth time, SURF, the ICT cooperative of Dutch education and research, has organised this sector-wide crisis exercise for its members. Charlie van Genuchten, OZON project leader at SURF, started preparations at the beginning of 2022. In a brainstorm with professionals from education, research and healthcare, the insider threat scenario was created. The scenario was then worked out at operational, tactical and strategic levels, taking into account the stages a real cyber crisis goes through. The exercise involved cooperation across the chain: parties such as the ministry and umbrella and industry organisations also participated in the exercise.
Scenario of cyber crisis exercise OZON 2023
The crisis exercise starts at 9.30am on Thursday, March 23. A hacker group, the Vulnerability Liberators, is frustrated that many organisations are not taking up their reports on serious vulnerabilities. The hackers are therefore declaring this day as Piñata Day where they publish a new vulnerability on their website every 20 minutes.
At the same time, incidents are presenting themselves at various places in the education chain: strange reports from enrolment and login platforms and at random institutions, connections to the internet are exhibiting glitches. Moreover, passwords giving access to secure cloud environments are published. Behind the incidents are employees under the direction of disgruntled crypto millionaire Elaine Geurtjes. She believes that education has failed in providing education for all and that institutions will pay for it with this hack.