Ransomware attacks and water bottles: behind the scenes at the CDT summer school: Oliver Bock-Brown

 10:07am, 28 June. Alphaland Health Services is hit by a major ransomware attack, taking down key computer systems throughout the country’s health services, and potentially impacting a critical vaccine manufacturer. Teams representing a range of organisations, from the President’s Office down to ISPs and threat intelligence firms, scramble to work out what is going on, and how to respond to this threat. In a rapidly changing environment, the teams frantically communicate with each other in a desperate attempt to identify the perpetrators and stop further attacks from happening. But when indications point to the militaristic neighbouring state of Bravoland, how will they respond? Will the teams feel they have enough reliable information to launch a counterattack? Or will the doubts from some groups be enough to prevent all-out war?

That was the situation facing attendees on the first morning of this year’s joint CDT summer school, a three-day event predominantly run by a team of CDT students from the five institutions involved (RHUL, Bath, Bristol, UCL and Oxford). The opening crisis simulation, orchestrated by Royal Holloway’s own Neil Ashdown, placed ten teams into this fictional scenario, and asked them to respond under increasing pressure as confusing, and sometimes misleading, updates were fed to them throughout the morning. Those of us running the morning’s activities watched as the teams fired off messages on the Discord server and reacted to the scenario injects that we gave them. It was fascinating to see how the scenario developed a life of its own, as decisions were made by the teams in the heat of the moment. In the end, we drew to a close just as the teams launched a major cyberattack against Bravoland, plunging their capital city into darkness, and prompting outcry from the Bravoland ambassador.

Despite the amusing moments, simulations like this have a serious side. They bring together large groups of people, often from a variety of disciplines and backgrounds, and ask them what they would do if they were faced with a complex situation like a ransomware attack. It’s one thing to think theoretically about a multifaceted sociotechnical issue like this, yet quite another to experience a simulated, real-time attack. Combine this with the need to work with other groups of people to come up with a coherent response – some of whom may have very different sets of priorities – and you’ve got a potentially highly illuminating learning experience. This sort of exercise can, therefore, be very useful in thinking through possible futures, in a variety of arenas. It allows people to experience a plausible future in a much more immersive way than a dry report could possibly achieve, and in the process, it can shape thinking, and help people picture futures that they want to work towards, or avoid. Indeed, scaled up, these exercises can also potentially help reveal those ‘unknown unknowns’ that Donald Rumsfeld so famously highlighted following 9/11, as they help to generate insight into novel situations.

Following this opening crisis simulation, the summer school provided many further opportunities for interdisciplinary collaboration and learning for the PhD students attending. This is arguably more important than ever when most people are still working remotely, and perhaps finding it difficult to connect with people outside of their immediate circles and disciplines. To that end, we had a range of events and activities on offer throughout the three days, under the theme of ‘Resilience: Systems, Societies and Threats’, including keynotes from Bruce Schneier, Jason Healey, and Ciaran Martin, and skills sessions from Lizzie Coles-Kemp and Rikke Bjerg Jensen. And on day two, the CDTs organised a data visualisation challenge that, I think it’s fair to say, gave what abilities we had a strong workout. The judges were very generous in their feedback, however, with the challenge proving an illuminating insight into what can be achieved with data science.

Behind the scenes, a lot more work went into organising this event than I had initially imagined. The student organising committee first convened months before the event itself, with big aspirations and a feeling of ample time. This quickly morphed into disbelief at the speed with which the event was approaching. We worked frantically to organise speakers, schedule events, and bring together the programme before we hit our deadline. The original student committee ended up branching as subcommittees were formed, focused on things like the crisis simulation and the delegate packs. At one point we even ended up with a subcommittee within a subcommittee, as we tried to get the graphic design sorted for printing (picture it as the bureaucratic equivalent of ‘Inception’…). If there’s one lesson to be drawn here, it’s that getting custom t-shirts and water bottles printed is surprisingly hard work.

Ultimately, the committee managed to bring everything together for a fun three days at the end of June, which included delegate packs being sent to participants’ homes, complete with a most excellent branded metal water bottle. For those of us on the committee, it was a valuable chance to get to know, and work with, people from the other cybersecurity CDTs – an opportunity to be valued even more given the physical disconnect of the past eighteen months. And I hope the range of events, from the crisis simulation to the skills sessions, proved useful and enjoyable for the fifty or so attendees, too. Perhaps they even stimulated an idea or two. Indeed, to quote Inception, “an idea is like a virus. Resilient. Highly contagious. And even the smallest seed of an idea can grow. It can grow to define or destroy you.” If just a few seeds of ideas were planted, then I think we can count the event a success.


