Training course on cybersecurity
The Slovenian Nuclear Safety Administration (SNSA), in collaboration with the International Atomic Energy Agency (IAEA) and the Pacific Northwest National Laboratory (PNNL), organized and participated in a National Training Course on Tools and Techniques for Computer Security Incident Response from April 11 to 14, 2023.
Representatives from key stakeholders in computer and nuclear security in Slovenia attended the training course, including representatives from the Ministry of the Interior, Ministry of Defence, SI-CERT, Government Information Security Office, Ministry of Public Administration, Jožef Stefan Institute, Krško Nuclear Power Plant, and SNSA. Participants were introduced to international standards and best practices on computer security incident response and were able to put their knowledge into practice within a simulated Security Operations Center (SOC). The programme of the training covered the following topics:
- Phases of Computer Security Incident Response
- Impact of Computer Security Incidents
- Social Engineering Incidents
- Network Investigation
- Host Investigation
- Post-Incident Analysis
- Development of Incident Response Playbooks
- Tools for Computer Security Incident Response
- Orchestration and Automation of Incident Response Activities
The training course consisted of two phases. In the first phase, participants were introduced to the theoretical basics and learned about tools for generating and capturing network traffic, system logs, and intrusion detection system (IDS) alerts. Participants were familiarized with the concepts of responding to computer security incidents in the nuclear sector, as recommended by the IAEA.
In the second phase, participants independently investigated a computer security incident at a fictional nuclear facility, using the practices, procedures, and analysis tools they had learned in the first phase of the course.
Such training courses are of great importance for educating and training professionals in the field of computer security, as they improve communication and collaboration among the various stakeholders in computer security and beyond.