By Kyle Lewis, Chair, Sirtfi Exercise Planning Working Group
Estimated reading time: 4 minutes
To continue increasing cross-federation levels of trust in cybersecurity, InCommon is hosting its third annual community Sirtfi cybersecurity exercise this fall. Sirtfi (Security Incident Response Trust Framework for Federated Identity) is part of InCommon’s baseline expectations.
The event is open to InCommon participants and eduGAIN partners, who will practice coordinating a response to a federated security incident by running a multi-organization, federated incident response exercise. Sirtfi-compliant organizations that would like for their federated IdPs and/or SPs to participate in this exercise should complete our expression of interest form by September 30, 2024. The exercise will take place November 18 – 22, 2024.
The Benefits
of Exercising with Us
Here’s what some of the participants in last year’s cybersecurity exercise had to say about how it helped them and their organizations.
- “Lessons learned from the InCommon exercise prompted us to do internal tabletop exercises.”
- “Our team appreciated the chance to participate; overall it was a good exercise.”
- “We’ve done exercises internally in the past, but having real external players helped break our insular mindset of not being used to reaching out externally.”
Practicing the Framework
The primary purpose of this event is to practice using the Sirtfi framework to coordinate cybersecurity incident response between affected organizations. InCommon’s goals include practicing cross-organization coordination on cybersecurity scenario response using the Sirti Framework and identifying when one should get – and knowing how to get – a security contact.
This event also provides participating organizations the opportunity to practice external security notifications as well as identifying and acting on internal situations that should prompt finding and notifying another organization’s published security contact as per the Sirtfi framework. There will be no real-world technical events or actions on the network; all breaches, security investigations, log files, etc., will be simulated in a narrative.
How the Exercise Will Work
Exercise participants will only be performing four “real-world” tasks as they discuss the narrated scenario and interact with the exercise control cell:
- Recognizing when the scenario includes activity that affects other external federated organizations, which prompts the need to use the Sirtfi framework.
- When given a username/organization, finding that user’s security contact as required to be published by the Sirtfi framework.
- Establishing communications with an external organization using the Sirtfi security contact.
- Receiving and responding to requests to the security contact, identifying those requests as Sirtfi requests, and partnering as appropriate depending on the narrated scenario event.
All other tasks will be simulated through tabletop narration.
The purpose of the event is to practice. It’s not a graded event or a test. It lets us practice in advance what we claimed we would do when our entities asserted Sirtfi compliance, which is preferable to waiting for a real security breach to figure Sirtfi out while also under the pressure of trying to secure your network.
Additional information is available on the working group wiki.
About the SIRTFI Exercise Working Group
The SIRTFI Exercise Working Group prepares members of the InCommon Federation community to handle a federated security incident by conducting one or more tabletop exercises to simulate aspects of responding to the real thing. Exercises are aimed to be learning opportunities, increasing familiarity with and shared understanding of key concepts and practices in the SIRTFI framework. The SIRTFI Exercise Working Group is chartered by the InCommon Community Trust and Assurance Board.
ICYMI
- Stand By for Sirtfi: Third Annual InCommon Cybersecurity Cooperation Exercise Scheduled for November, Call for Participation Opens in August
- Bringing Identity and Security Together: InCommon’s 2023 Cybersecurity Cooperation Exercise