## Crisis Simulation for the REFEDS Community
Hannah Short (CERN), Charlie van Genuchten (SURFnet)
* Our community (notably through eduGAIN) has over **4000** organisations who may be affected by security incidents
* Incident Response is significantly **improved with planning and practice**
* As a community we may not be doing enough to prepare
## What have we done already?
* AARC Incident simulations deemed helpful
* Compromised Identity accesses multiple SPs
* Incident Simulation Report [#1](https://aarc-project.eu/wp-content/uploads/2018/04/20180326-Incident-Simulation-Report.pdf) and [#2](https://aarc-project.eu/wp-content/uploads/2018/11/Incident-Response-Test-Model-for-Organisations-Simulation-2.pdf)
* Experience gained through crisis exercises for NRENs (see [TNC19 session 9B](https://tnc19.geant.org/programme/#Wednesday))
## Could we do more?
* Security Day at TNC19
* 20 minute un-conference session on crisis simulation for eduGAIN
* Mostly security, not federation, participants
* Great participation
* Conclusion, that it would be interesting to extend to (inter)federation
## What could we do?
Charlie proposed 3 questions to help understand this
1. What is the worst that can happen?
2. What do we want the outcome to be?
3. Who are the players?
## What is the worst that can happen?
* Wide-scale malware outbreak
* Loss of integrity of trust infrastructure
* Loss of service at critical time
* TNC programme
* Time-critical science analysis
## What do we want the outcome to be?
* Train individuals
* Discover weaknesses (unknown unknowns)
* Improve processes (coverage of security contacts, fewer technical problems)
* Test and build collaboration
* Clarify incident response procedure (who should be doing what?)
## Who are the players?
## Questions for you
* Are any Federations doing this already?
* Should this be a crisis exercise (i.e. strategic level), or incident response?
* How should we approach it?
* An eduGAIN wide exercise?
* Train-the-trainer model for smaller groups?
*There are relevant activities in Sirtfi WG, WISE and GN4*
## Next Steps
1. If we want to go for it...
* Decide on type of exercise (virtual, scripted, per-federation vs all etc)
* Define possible timeline
* Understand participation model
1. Realisticly takes 1 year with a lot of hours, cannot be just one person :) (could we have a small steering group?)
# This week
1. Take some time to consider what your organisation/federation needs
2. Join an un-conference session on Thursday