‘Vulnerability Management’: NCCC trains cybersecurity experts from the public sector and critical infrastructure
The National Coordination Centre for Cybersecurity under the National Security and Defence Council of Ukraine, with the support of the US Department of State and CRDF Global in Ukraine, has conducted a Vulnerability Management Programme (VDP) for cybersecurity experts in the public sector and critical infrastructure.
This is the fourteenth edition of the VDP programme, and this time nearly 50 subject-matter experts took part in the training, including representatives of the State Emergency Service of Ukraine, the State Border Guard Service of Ukraine, the Security Service of Ukraine, the Bureau of Economic Security of Ukraine, the Asset Recovery and Management Agency, Naftogaz Security, Naftogaz Teplo LLC, and others.
The purpose of such events is to improve practical skills in identifying vulnerabilities in information systems and ensuring comprehensive cyber defence in the main cybersecurity entities, government agencies, critical infrastructure facilities and other organisations within the framework of public-private partnership.
According to Serhii Prokopenko, Head of the NCCC Support Department of the Specialised Service of the NSDC Secretariat, the Vulnerability Management Programme was created to improve the level of cyber defence of organisations in various sectors of Ukraine's critical infrastructure by training and upgrading the skills of key cybersecurity specialists of these organisations.
"The Programme provides clear guidelines and methodologies for identifying and eliminating security vulnerabilities and countering cyber attacks, and enables organisations to reduce cyber risks by helping to identify and eliminate vulnerabilities before they are exploited by malicious actors", - said Serhii Prokopenko.
As part of the Programme, the experts took a two-month theoretical course and participated in two cyber competitions (CTF), during which they applied their knowledge through simulation exercises and practical cases. The tasks were developed based on scenarios of real-life cyber incidents that specialists face in the course of their daily duties. The winners of the final CTF were awarded with certificates for additional training to improve their skills.
The experience gained will allow the experts to enhance their practical level of knowledge in conducting a overarching analysis of the cybersecurity of their institutions and understand the principles and approaches used by cybercriminals in conducting cyberattacks.