The Asia Pacific Computer Emergency Response Team (APCERT) completed its third annual test drill last month with the Australian Computer Emergency Response Team (AusCERT) acting as chair of the event and working group.
Around 15 computer security incident response teams (CSIRT) from China, Brunei, India, Japan, Korea, Malaysia, Singapore, Thailand, Taipei, Hong Kong and Vietnam participated in the war game held on December 19, with the objective of testing existing incident response locally and internationally to Internet-based attacks.
The scenario involved a situation where Web sites were infecting computers with malicious code to create a global DDoS (distributed denial-of-service) attack directed at e-commerce sites. Participants were required to share information regarding incidents, and detect or shut down systems hosting malware or launching DDoS attacks. In some countries major Internet Service Providers (ISPs) and law enforcement agencies were involved in the drill.
Graham Ingram, chair of APCERT and director of AusCERT, said the drill is designed to review and improve procedures.
"The drill is important for us to have a chance to share the common experience on cross-border incident handling and helps us refine and test the points of contacts and procedures we have established to share and respond to active Internet attacks in progress," Ingram said.
"The reality is that APCERT members are already very active in helping each other respond to Internet attacks within our respective economies, hence drills like this help us improve our procedures and ensure that we are prepared to help each other as best we can."
Husin Jazri, director of the Malaysia Cyber Security Agency (MCSA) said the drill reinforces collaboration among participating countries.
"The exercise illustrates the criticality in having immediate access to an effective contact point beyond physical borders across time domains," Jazri said.
"Infrastructure attacks can be mitigated given the speed and competency in dissecting and analyzing evidence and informed decisions can be made in a short time period."
The Korea Information Security Agency developed the drill scenario and initiated the drill. Mr Woo-Han Kim, head of the Korea Information Security Agency (krCERT/CC) said it was designed for international cert collaboration.
"The drill is basically intended as a cross-border incident handling scheme," Mr Woo-Han Kim said.
"The practical handling needs close cooperation, seamless communication and effective decision making between CSIRTs and ISPs in each economy."