Record number of organisations participate in cyber crisis exercise OZON 2023

This time, the biennial exercise consists of an insider threat scenario where employees from one's own organisation also work for a criminal actor. Previous editions of OZON have included scenarios involving ransomware, ethical hackers and a state actor.

Realistic scenario

"This year, a record number of people participated and in this edition, too, we were quite challenged with this realistic scenario," said Jet de Ranitz, SURF CEO and chair of the board of directors.

Construction

On Thursday 23 March, the crisis drill starts at 9.30 am. A few people from each participating organisation are in the loop; most staff know nothing. The central scenario is shaped by SURF, and institutions can vary on this to fit their own exercise objectives as much as possible. During the day, the pressure on the participants keeps increasing, until 4pm when the first day ends. On Friday 24 March, the criminal associates are unmasked, the crisis builds and there is room for reflection. In the weeks that follow, SURF, together with participants, evaluates the exercise and incorporates lessons learned, learning points and feedback into a report.

Creation

For the fourth time, SURF, the ICT cooperative of Dutch education and research, has organised this sector-wide crisis exercise for its members. Charlie van Genuchten, OZON project leader at SURF, started preparations at the beginning of 2022. In a brainstorm with professionals from education, research and healthcare, the insider threat scenario was created. The scenario was then worked out at operational, tactical and strategic levels, taking into account the stages a real cyber crisis goes through. The exercise involved cooperation across the chain: parties such as the ministry and umbrella and industry organisations also participated in the exercise.