During a recent regional exercise, the CyberBastion platform once again proved its effectiveness as an environment for simulating complex, multi-layered cyberattacks and as a training platform for learning how to respond effectively to them.
This time, we focused on promoting and demonstrating the value of communication and information exchange during an incident. The training was attended by representatives of national CSIRTs from West African countries, who practiced the role that ISAC can play in preventing and responding to cyberattacks. The scenario involved an attack on the logistics sector (“Attack on the Logistics Sector”).
Dual perspective: sector and organization
The exercise scenario was based on a growing threat: a coordinated campaign of cyberattacks targeting the logistics and supply chain sector in several ECOWAS member states.
Participants were divided into two levels of action:
ISAC coordination cell – responsible for analyzing information, identifying common threat patterns, and developing regional recommendations;
CSIRT national teams – operating at the operational level, defending the fictional infrastructure of WeDeliverALL, considered critical to national security and the continuity of food, medicine, and transport supplies.
Running both scenarios in parallel allowed participants to experience how a cyber threat develops from a single technical incident into a crisis of regional significance, requiring the cooperation of multiple entities.
CyberBastion as a shared training environment
The model of two linked and synchronized scenarios perfectly demonstrated the importance of cooperation between CSIRTs and ISACs.
Technical information—including privilege escalation, lateral movement, and data exfiltration—was used by ISAC to build a regional threat picture. The decisions made by national CSIRTs had a direct impact on the effectiveness of the defense strategies used. This time, the goal was not to compete between teams, but to show how joint actions affect the condition of the entire sector in the event of a cyberattack.
The exercise showed that CyberBastion can be not only an educational platform, but also a decision-making support tool that allows for testing cooperation, communication, and analysis procedures in a realistic, dynamically changing environment.
We invite you to cooperate with us
If your organization would like to use the CyberBastion platform in a similar or completely different scenario—focused on testing and developing the ability to build cyber resilience, coordinate actions, and respond appropriately to incidents—we invite you to contact us and cooperate with us.
Exercises carried out in CyberBastion can be based on recognized standards and regulations, such as NIS2, DORA, or GDPR, and can also be adapted to national or sectoral needs.
Together, we can prepare a simulation that will allow us to test both technical response procedures and organizational mechanisms for cooperation in crisis situations.
