BCSC hosts cybersecurity specialists from across Europe in Bilbao for the ‘68th TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe’

The BCSC is part of different initiatives, both public and private, at a local, state and international level in the field of cybersecurity, from a protection perspective and to give visibility to the powerful Basque ecosystem. As a result of one of these initiatives, more than 350 professionals with different cybersecurity profiles such as technicians, analysts, managers and management roles of more than 40 different nationalities and, coming from more than 200 companies from all over Europe, met at the Euskalduna Palace in Bilbao during the three days of the TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe. On this occasion, the BCSC hosted the event, which made it possible to share strategies and good practices for the prevention, detection and effective response to cybersecurity incidents and as a consequence position the Basque Country in the world epicenter of specialized teams in this field CSIRT or CERT.

The meeting started with a private session for TF-CSIRT member team only, in which aspects related to the activity of the forum were discussed, followed by a series of technical talks. After the meeting, , Silvio Oertli, Director of SWITCH-CERT, on behalf of the TF-CSIRT Executive Board, welcomed the attendees and the technical presentations by Albert Calvo and Nil Ortiz, Matthieu Bontrond and Thomas Fontvielle, Etienne Baudin and Frédéric Le Bastard and Mikolaj Dobski began. In them, current issues were discussed such as regulatory frameworks for risk management, standards for the exchange of information on threats, exposition of success stories of initiatives, good practices in malware analysis, malware analysis, etc. Next, the 'Lightning Talks' were held, in which there was Basque representation by Donetz Errasti, member of P3-CERT of P3rseus.

To end the day, a social event at the Guggenheim Museum Bilbao took place, where participants shared experiences, identified synergies and, ultimately, networked. The opening by Josu Erkoreka, First Deputy Prime Minister and Minister of Security stood out, and the attendance of Rodrigo Gartzia, Deputy Minister of Security; and Olatz Arabiourrutia, IT and Telecommunications Manager. In the words of Josu Erkoreka: "We are very grateful that the Basque Country, and especially Bilbao, has been chosen to host this event of international relevance". Likewise, he highlighted the support from the Basque Government to this type of initiative that contributes to raising the level of protection and resilience of the citizens and companies of the Basque Country, as well as to give visibility to the powerful Basque ecosystem, which is largely the result of the deep-rooted culture of entrepreneurship in Basque society and of the opportunities derived from the broad industrial ecosystem.

FIRST European Regional Symposium, Day 2

Dr. Sherif Hashem, President of the FIRST Board of Directors, kicked off a second day that focused on CSIRT teams through informative talks by Jossef Harush Kadouri, Carlos Sanchez Santos, Feike Hacquebord, Christoffer Bech, Lasse Dessau, Nicklas Keijser, Eddy Willems, Righard Zwienenberg, Artsiom Holub, Daniel Lunghi, Jaromir Horejsi and John Kristoff Ransomware, the management of cyber-attacks on supply chains and cyber warfare resulting from the conflict between Ukraine and Russia were some of the topics on which they focused. Meanwhile, Eddy Willems and Righard Zwienenberg, with their usual energetic and lively presentation style, introduced us to real examples of cyber incidents, what went wrong and how they could have been avoided with the show '♬ You Ain't Seen Nothing Yet ♫'.

Besides the talks, a CSIRT.es (state initiative) meeting also took place, where an update on the status of the different initiatives currently underway was presented and those that the coordinating committee, with the support of the technical secretariat, plans to address over the course of 2023 were discussed, with special emphasis on those related to information sharing. The new teams that have joined the forum since the last meeting were also presented and, finally, recent cases of relevant cybersecurity incidents they have had to deal with were analysed, sharing strategies and good practices for their effective management and response.

Workshops for professionals, day 3

The third day of the meeting was aimed at practical training for professionals. A day in which professionals specialised in incident response had the opportunity to attend the following workshops in small groups, in role-play sessions, simulations and guide:

• Course for CSIRT management teams.  Addressed to current and future managers and middle managers of CSIRTs and SOCs with the aim of reflecting and working collectively on daily issues and concerns, including structure, organization, monitoring metrics, initiatives to value work, etc.
  Speaker: Vilius Benetis.
   
• SIM3 training. Most experienced CSIRT team members or managers learned how the full SIM3 maturity model can help them evaluate the maturity of their teams and then use it as a monitoring tool as the team sets goals to increase its maturity, performance and quality.
  Speaker: Klaus-Peter Kossakowski.
   
• Malware analysis. This course covered a basic methodology for the analysis and initial pull of malware. In addition, tools and approaches necessary for the analysis of the most common malicious file types were also presented and we were able to discuss the proper use of static and dynamic malware analysis techniques.
  Speakers:Marcin Fronczak, Miroslaw Maj and Piotr Kepski.
   
• DNS: Prevention, detection, disruption and defence. Starting from a basic level we were able to learn about how attackers abuse and exploit the Domain Name System and domain registration services to carry out different types of attacks.
  Speaker: Carlos Álvarez del Pino and David Rufenacht.

With these workshops, a very complete program came to an end and we can only thank both FIRST and TF-CSIRT for having chosen us as hosts for the '68th TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe' and for bringing to the Basque Country the highest level of international knowledge in cybersecurity. It has been a great opportunity to open new horizons, connect with other European companies and professionals in the sector, learn from all of them and continue collaborating. Let's hope that this is the first of many future encounters.