What are you looking for?

Driving innovation together
OZON: Practice how to respond to a cyber crisis

OZON is a large-scale national cyber crisis exercise that takes place every two years. During the OZON exercise, you will practice how to react to a cyber crisis and find out whether you are already well prepared for a cyber crisis as an institution.

Een vrouw houdteen tablet vast met daarop de tekst 'Warning cyber attack'

NOZON 2024

What do you do in a cyber crisis? SURF is organising NOZON, the light variant of OZON, in March 2024. The set-up: each institution organises its own short tabletop exercise at IT or strategic level in the same fortnight, using centrally supplied material.

What is NOZON?

With NOZON, you organise, during two designated weeks, a cyber crisis exercise. This is a tabletop exercise of 1 to 2 hours at strategic or just IT/technical level. Each organisation can decide for itself when this exercise is best held, and the sample scenarios are designed so that you can play them out with a limited number of people in one room.

To support organisations in this, SURF, in collaboration with Z-CERT, MBO Digitaal and Kennisnet, organises training courses on setting up, observing and evaluating cyber crisis exercises, and provides central exercise material. After the exercise weeks, we hold a return day to exchange experiences and lessons learned.

Added value

The added value of this set-up is that you do not have to reinvent the wheel all by yourself, that you can spar about the ways in which you can adapt or expand an exercise scenario, that you have a stick to really start practising and that we evaluate together and exchange lessons learned.

Carousel approach

At NOZON, the training day is jointly with other institutions from your sector. After that, the preparation and execution of the exercise is up to each institution itself. However, it is also possible for a small group of institutions to tackle the preparations together and observe the exercise together. We call this the carrousel approach, because the exercise preparers take turns to visit each other to perform and observe an exercise.

We will ask upon registration whether your institution would like to do the preparation together with others and, if so, with whom you would like to cooperate. This approach is not mandatory, so if you would like to take up the preparation on your own, this is of course still possible.

When is it?

The NOZON weeks are from 11 to 22 March 2024. Within these weeks, each participating organisation holds its own exercise.
The run-up to it is as follows:

19 December,exact time to follow
Online		 Online briefing for all exercise preparers

8 January, 09:30 to 17:00
SURF Utrecht

 Training day for exercise preparers healthcare sector
9 January, 09:30 to 17 :00
SURF Utrecht		 Training day for exercise planners hbo/wo
15 January, 09:30 to 17 :00
SURF Utrecht		 Training day for the exercise preparers mbo
16 January, 09:30 to 17:00
SURF Utrecht		 Training day for practice preparers research+

30 January, 9:30 to 17 :00
SURF Utrecht

 Training in observation and evaluation for all observers
1 February, exact time to follow
Location to follow		 Optional spar sessions

2 February, exact time to follow
Location to follow

 Optional spar sessions

4 April, exact time to follow
SURF Utrecht

 Return day

Register

For WO, HBO and Research+: register your institution via this link https://survey.surfnet.nl/index.php/262244?lang=nl

For all other sectors, registration is via other channels:

MBO - mail to h.links@mbodigitaal.nl

ZORG - mail to nozon@z-cert.nl

VO - mail to oefenen@kennisnet.nl

Registration means:

- Your organisation's exercise preparer attends your sector's training day;

- Your organisation's observer attends the observer training day on 30 January;

- Your organisation holds a tabletop exercise during the period from 11 to 22 March 2024;

- Your organisation's exercise preparer and/or observer attends the return day on 31 October on 1 April;

- Furthermore, upon registration, preparers and observers from participating organisations will be added to the mailing list and wiki to exchange ideas with other practising institutions.

Costs

Apart from the hours you put into preparation, implementation and evaluation, participation costs nothing.

NOZON manual
What will be regulated centrally?

The following will be arranged centrally:

  • A manual for organising tabletop exercises with sample documents for observation, evaluation and reporting;
  • Sample case studies to build your own exercise from;
  • One training day per sector on devising, preparing and conducting a tabletop exercise;
  • One training day on observing and evaluating a tabletop exercise;
  • Sparring sessions and consultation hours to present problems or ideas ahead of your own exercise;
  • A wiki and mailing list to facilitate the exchange of ideas etc;
  • A return day to exchange experiences and lessons learned.
What do participating organisations have to arrange themselves?

The following must be arranged by the participants themselves:

  • Designating an exercise planner and an observer;
  • Setting their own exercise objectives;
  • Adapting the example scenarios to the context of one's own organisation;
  • Organising the exercise within the organisation;
  • Leading, observing and evaluating the exercise within one's own organisation.

The exercise planner will spend at least about 35 hours and the observer at least about 20 hours.

Questions?

For substantive questions, email charlie.vangenuchten@surf.nl. For logistical questions, email ozon@surf.nl.

Curious about how others experienced NOZON?

Then read the blog NOZON 2022: a behind-the-scenes look at a tabletop cyber crisis exercise of five institutions.