Deelnemer aan OZON

Record number of organisations participate in cyber crisis exercise OZON 2023

On 23 and 24 March 2023, 72 organisations and over 2,000 people in education and research participated in SURF's cyber crisis exercise OZON 2023. Cyber threats are increasing worldwide, so too for education and research. It is one of the few sectors doing full-scale cyber simulations since 2016 to learn to respond skillfully to realistic cyber crises.

This time, the biennial exercise consists of an insider threat scenario where employees from one's own organisation also work for a criminal actor. Previous editions of OZON have included scenarios involving ransomware, ethical hackers and a state actor.

Realistic scenario

"This year, a record number of people participated and in this edition, too, we were quite challenged with this realistic scenario," said Jet de Ranitz, SURF CEO and chair of the board of directors.

"The whole sector was able to experience again the need to work together in the event of a cyber crisis. That is why this kind of exercise remains of great value."
Jet de Ranitz, CEO of SURF


On Thursday 23 March, the crisis drill starts at 9.30 am. A few people from each participating organisation are in the loop; most staff know nothing. The central scenario is shaped by SURF, and institutions can vary on this to fit their own exercise objectives as much as possible. During the day, the pressure on the participants keeps increasing, until 4pm when the first day ends. On Friday 24 March, the criminal associates are unmasked, the crisis builds and there is room for reflection. In the weeks that follow, SURF, together with participants, evaluates the exercise and incorporates lessons learned, learning points and feedback into a report.


For the fourth time, SURF, the ICT cooperative of Dutch education and research, has organised this sector-wide crisis exercise for its members. Charlie van Genuchten, OZON project leader at SURF, started preparations at the beginning of 2022. In a brainstorm with professionals from education, research and healthcare, the insider threat scenario was created. The scenario was then worked out at operational, tactical and strategic levels, taking into account the stages a real cyber crisis goes through. The exercise involved cooperation across the chain: parties such as the ministry and umbrella and industry organisations also participated in the exercise.

Scenario of cyber crisis exercise OZON 2023

The crisis exercise starts at 9.30am on Thursday, March 23. A hacker group, the Vulnerability Liberators, is frustrated that many organisations are not taking up their reports on serious vulnerabilities. The hackers are therefore declaring this day as PiƱata Day where they publish a new vulnerability on their website every 20 minutes.

At the same time, incidents are presenting themselves at various places in the education chain: strange reports from enrolment and login platforms and at random institutions, connections to the internet are exhibiting glitches. Moreover, passwords giving access to secure cloud environments are published. Behind the incidents are employees under the direction of disgruntled crypto millionaire Elaine Geurtjes. She believes that education has failed in providing education for all and that institutions will pay for it with this hack.

This article is relevant to