Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

/in
  • In 2023, Talos collaborated with NetHope and Cisco Crisis Response to create a customized Backdoors & Breaches expansion deck for international humanitarian organizations, addressing their unique cybersecurity challenges. 
  • The new expansion deck helps NGOs with constrained budgets improve proactive security and incident response skills through engaging tabletop exercises that are specific to their technical, political, and logistical challenges. 
  • Hundreds of expansion decks have been distributed to international NGOs, and Talos has received positive feedback for their practicality and relevance. 
  • Building on this success, we partnered with NGO-ISAC to develop a United States-specific deck for domestic NGOs, enhancing their cybersecurity preparedness.

Humanitarian organizations and the cybersecurity landscape

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

Hello friends! My name is Joe Marshall and I work at Cisco Talos as a cyber threat researcher and security strategist. Throughout my travels with Talos, I’ve met extraordinary individuals and organizations who fight injustices in a variety of ways: caring for children, feeding the unhoused, promoting democracy, protecting the environment, or resettling refugees who are fleeing from war. 

In moments of unimaginable crisis and pain, the international non-governmental organization (NGO) folks I met are on the front lines distributing aid, documenting human rights abuses, assisting first responders, and offering comfort to people who have had their worlds upended. I unabashedly admire and respect them. 

Unfortunately, international NGOs have historically struggled in cybersecurity. No matter an NGO’s size, limited donor and grant dollars mean that sustaining the organization competes with delivering aid, leaving little (if any) funding for cybersecurity. As a result, public sector offensive actors, mercenary spyware organizations, and state-sponsored actors take advantage of this to target or financially exploit these NGOs, even though they are assisting some of the most vulnerable people in the world. No one gets a pass in this modern era of cybercrime!

Helping the helpers

In 2023, the Cisco Crisis Response (CCR) team — a group that helps local agencies and communities prepare for, respond to, and sustainably rebuild from crises — approached my team at Talos with a rare opportunity to help incorporate cybersecurity into their work alongside their partner, NetHope.

NetHope is a humanitarian assistance organization that “helps our nonprofit Members effectively address the world’s most pressing challenges through collaboration, collective action and the smarter use of technology.” They also host the NetHope Global Summit, a yearly gathering of international NGOs to discuss technical issues and solutions to enable their member NGOs’ missions.

Before this project, I was not well-versed in the challenges of the NGO cybersecurity landscape or operating realities. Every business vertical is unique, and my first few meetings with NetHope forced me to confront the stark realities of the cybersecurity poverty line. With NGOs’ limited cybersecurity budgets, expertise, and resources, I knew our project had to have a low barrier to entry.

After much brainstorming, I suggested that we create an NGO-centric version of the popular cybersecurity tabletop exercise, “Backdoors & Breaches,” to keep workers’ incident response skills sharp.

What is a tabletop exercise? 

A tabletop exercise (TTX) is a group thought experiment. The “Game Master” presents various scenarios and variables to their players, who are usually team leaders in their business, to see how they respond as a group. At a high level, TTXs are a way to help your team prepare for worst-case scenarios and cost-effectively develop plans and responses to a variety of incidents. As they say, “Fortune favors the prepared.”

For example, a hospital might want to conduct a TTX to develop and test incident response and data recovery if hackers were to attack their electronic health records. An electric utility company might conduct a TTX to test critical infrastructure restoration and coordination with emergency responders. And, of course, a humanitarian assistance organization may need to protect itself against cyber attacks to keep their life-saving work going!

An introduction to Backdoors & Breaches

Backdoors & Breaches is a card-based TTX developed and published under a GNU license by Black Hills Information Security. It’s a novel game designed to teach both technical and non-technical players cybersecurity incident response in a format similar to the popular Dungeons & Dragons roleplaying game. Here’s an example of gameplay at the RSA Conference, with the digital version of the game:

If you want to accommodate a specific technical aspect of security, like industrial control systems, the cloud, or threat hunting, you can modify Backdoors & Breaches with expansion decks. Customizing cards to reflect your team’s unique circumstances can result in better buy-in and even a higher level of preparedness when a breach occurs.

Talos and NetHope create a new expansion

It was this potential customization that attracted me to making a new expansion deck for the international humanitarian community. The concept of Talos and NetHope adapting a cost-effective, portable, and easy-to-understand TTX to fit the limited cybersecurity budgets of typical NGOs was irresistible. To bring this vision to life, I assembled a diverse team of seasoned cybersecurity NGO professionals, technologists, and crisis response specialists who recognized the value in developing new cards.

The result was a new deck that seamlessly merged into the original Backdoors & Breaches game. These unique cards are modeled from real events and speak to the unique technical, political, and logistical challenges that humanitarian assistance organizations may face during cyber attacks. Here are some examples:

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

Imagine that an angry mob raids your NGO’s office. You’re trying to do digital forensics, but your team is forced to leave the country! What do you do?

We presented this new expansion at the NetHope Global Summit in 2023, where participants widely enjoyed it. We found that this expansion pack brought them together in ways the generic deck on its own likely wouldn’t have. Many people shared first-hand experiences with the stressful situations these cards presented, which led to authentic and open conversations on the best responses to the scenarios.

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

Presenting the base deck and expansion pack at the 2023 NetHope Global Summit.

Over the course of several summits, Talos and NetHope have given away hundreds of physical copies of the expansion, and we’ve received a lot of positive reception from the international NGO community. If you’re curious, you can also find the cards online here.

The U.S. domestic NGO edition

In a country as large as the United States, there are hundreds of domestic NGOs that operate solely within the country and local communities. The NGO Information Sharing and Analysis Center (NGO-ISAC) is a 501(c)(3) nonprofit organization that focuses on domestic civil society organizations.

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

Using the momentum of our Backdoors & Breaches international humanitarian expansion pack, Talos partnered with NGO-ISAC to create a new deck that reflects U.S.-specific NGO security situations.

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
On-stage demonstration at the Ford Foundation for the NGO-ISAC Conference.

If the NGO’s team is spread across the country and wants to play, that’s not a problem! Using this GitHub link you can instantiate and connect to a mini web server on your local computer. With a web sharing tool, you can stream it to any size audience and folks can play along virtually. You can easily use Python for this.

Conclusion

International and domestic NGOs are critical to aid delivery and civil society, but they’re heavily targeted by threat actors who seek to disrupt or exploit their missions. TTXs like Backdoors & Breaches lower the barrier to entry for organizations to have serious conversations about security posture and response, and NetHope and Talos’ custom expansions provide industry-specific scenarios to enrich the experience.

I feel very fortunate to have had the opportunity to volunteer and donate my time to help NGO workers and volunteers fight the good fight. Whether you’re a threat intelligence organization, an international NGO providing medical care to refugees, or a domestic food bank fighting hunger, Talos is with you.

Cisco Talos Blog – ​Read More