Cyber Shield 2019

Through the simulation exercise Cyber Shield 19, stakeholders of the Homeland Security System and entities subject to the Act on the Cyber Security of Key Service Operators and Digital Services Providers practised resolving cyber incidents and raised awareness of security culture.

Cyber Shield 19, the second exercise organized by the Co-ordination for the Homeland Security System, took place at the Ministry of Defence on 27th March. All members of the Co-ordination, headed by Deputy Prime Minister and Defence Minister Damir Krstičević, gathered at the exercise, which was held concurrently with this year’s first session of the Co-ordination. Along with the members of the Co-ordination, bodies and entities which are subject to the Act on the Cyber Security of Key Service Operators and Digital Services Providers participated in the exercise, while representatives of other institutions acted as observers.

Cyber Shield 19 is a continuation of Cyber Shield 18, but differs from last year’s edition. The biggest changes were introduced with the adoption of the Act on the Cyber Security of Key Service Operators and Digital Services Providers last July. The Act identifies the criteria for the definition of key service providers and incidents with substantial damage. It also lists the obligations of competent sectoral authorities and prescribes procedures for reporting and solving incidents with substantial damage.

“It would be rather bad if nothing had changed in the last year and if no improvements had been made to the cyber security system. The biggest changes were introduced with the adoption of the Act on the Cyber Security of Key Service Operators and Digital Services Providers last July,” Minister Krstičević emphasized in his keynote speech. “We must be aware of the fact that the security paradigm in the world, including our immediate surroundings, has shifted. Along with terrorism, cyberattacks on critical national infrastructure present one of the largest contemporary threats. As a society, we have to continuously prepare ourselves for a whole spectrum of potential threats and dangers, including cyberattacks. We have to train users of information systems, adjust our information and communication technology architecture, apply advanced protection techniques and continually raise awareness about security culture and the full application of the Information Security Act as well as the Act on the Cyber Security of Key Service Operators and Digital Services Providers. In case a cyberattack does occur, we must have a regulated system for the mitigation of the consequences of such a harmful incident, in accordance with the proscribed procedures,” Minister Krstičević concluded.

The Director of the Information Systems Security Bureau Robert Žunac gave prefatory information about the Act on the Cyber Security of Key Service Operators and Digital Service Providers. He emphasized that the objective of the Act was to regulate the procedures and measures for the attainment of a high joint level of cyber security of key service operators and digital service providers in the provision of services which are vital to the development of key social and economic activities, including the functioning of the digital market; the jurisdiction of competent sectoral authorities, the national Point of Single Contact, Computer Security Incident Response Teams (CSIRTs) and technical Notified Bodies; as well as the monitoring of key service operators and digital services providers.

The Independent Sector for Information and Communications at the Ministry of Defence was the main authority in the exercise, while the Head of the Sector Colonel Bruno Bešker acted as the director of the exercise. The exercise was realized by the Main Planning Group, which includes representatives from the Office of the President of the Republic of Croatia, the Prime Minister’s Office, the Office of the National Security Council, the Security and Intelligence Agency, the Military Security and Intelligence Agency, the Information Systems Security Bureau, National CERT, the Ministry of the Sea, Transport and Infrastructure, the Central State Administrative Office for the Development of Digital Society, the Ministry of Defence and the Croatian Armed Forces.

Colonel Bešker emphasized that significant measures had been implemented since 2018 thanks to the newly-adopted Cyber Security Act, which identified the criteria for the definition of key service providers and incidents with substantial damage, the obligations of competent sectoral authorities as well as the procedures for reporting and solving incidents with substantial damage. Colonel Bešker further explained that the main objective of the exercise was to raise awareness about the cyber safety of all participants in the exercise, with the emphasis being laid on key service operators, digital services providers, competent sectoral authorities, the national Point of Single Contact as well as incident prevention and protection authorities.

Cyber Shield 2019 is a table-top simulation exercise in which participants analyse and solve common problems while discussing separate issues.

During the exercise, the participants exercised their obligations and the procedures prescribed by the Act on the Cyber Security of Key Service Operators and Digital Services Providers in case of a cyber incident. Key service operators and digital services providers are the main targets of such incidents since attacking them gives the most favourable benefit-cost ratio (the greatest amount of damage is caused with the fewest invested resources).

The focus of the exercise scenario was on cyber incidents causing substantial damage to a key service provider (Croatia Control) and a digital services provider (University Computing Centre). Incident scenarios foresaw an attack on air traffic and a network breakdown at the main Croatian Internet exchange point. Along with Croatia Control and University Computing Centre, the exercise also featured the representatives of competent sectoral authorities (the Ministry of the Sea, Transport and Infrastructure and the Central State Administrative Office for the Development of Digital Society), two competent CSIRTs (the Information Systems Security Bureau and National CERT) as well as the national Point of Single Contact (the Office of the National Security Council).

State Secretary at the Central State Administrative Office for the Development of Digital Society Bernard Gršić said that the key objectives in the upcoming period for all entities subject to the Act (key service operators, digital services providers, competent sectoral authorities and competent CSIRTs) were drawing up job descriptions, filling up vacancies, ensuring sufficient human resources for the implementation of the Act, educating the IT personnel and proposing measures for retaining the personnel. In compliance with the specific objectives from the Annual Activity Plan of the Co-ordination for the Homeland Security System, the Information Systems Security Bureau conducted a cyberattack simulation called “The Development of Cyber Operation Capabilities in the Framework of the Homeland Security System” during the preparations for the exercise. At the end of the exercise, the Director of the Information Systems Security Bureau Robert Žunac presented the results of the cyberattack simulation.

In view of the growing threats posed by cyberattacks and the necessity to upgrade all components of the Homeland Security System, Minister Krstičević underlined the importance of the establishment of the Cyberspace Command, a new capability of the Croatian Armed Forces through which Croatia would enter the fourth dimension of warfare (cyberspace).

Text by ŽELJKO STIPANOVIĆ, BRUNO BEŠKER

Photo by MLADEN ČOBANOVIĆ

Translation by IVA GUGO