InCommon to Host Second Annual Cybersecurity Cooperation Exercise This Fall

Subscribe for more like this



By Kyle Lewis, Chair, Sirtfi Exercise Planning Working Group

Estimated reading time: 3 minutes

To continue increasing cross-federation levels of trust in cybersecurity, InCommon is hosting its second annual community Sirtfi cybersecurity exercise this fall. Sirtfi is part of InCommon’s baseline expectations

The event is open to InCommon participants and eduGAIN partners, who will practice coordinating a response to a federated security incident by running a multi-organization, federated incident response exercise. Sirtfi-compliant organizations that would like for their federated IdPs and/or SPs to participate in this exercise should complete our expression of interest form by September 29, 2023. The exercise will take place November 13 – 17, 2023.

Kyle Lewis posing for a profile picture
Kyle Lewis is vice president of cybersecurity strategy at InCommon Catalyst RDCT.

Practicing the Framework

The primary purpose of this event is to practice using the Sirtfi framework to coordinate cybersecurity incident response between affected organizations. InCommon’s goals include practicing cross-organization coordination on cybersecurity scenario response using the Sirti Framework and identifying when one should get – and knowing how to get –  a security contact.

This event also provides participating organizations the opportunity to practice external security notifications and identifying and acting on internal situations that should prompt finding and notifying another organization’s published security contact as per the Sirtfi framework. There will be no real-world technical events or actions on the network; all breaches, security investigations, log files, etc., will be simulated in a narrative.

InCommon baseline logo

The Benefits of Exercising with Us

Here’s what some of the participants in last year’s cybersecurity exercise had to say about how it helped them and their organizations.

  • “Lessons learned from the InCommon exercise prompted us to do internal tabletop exercises.”

  • “Our team appreciated the chance to participate; overall it was a good exercise.”

  • “We’ve done exercises internally in the past, but having real external players helped break our insular mindset of not being used to reaching out externally.”

How the Exercise Will Work

Exercise participants will only be performing four “real-world” tasks as they discuss the narrated scenario and interact with the exercise control cell:

All other tasks will be simulated through tabletop narration.

The purpose of the event is to practice. It’s not a graded event or a test. It lets us practice in advance what we claimed we would do when our entities asserted Sirtfi compliance, which is preferable to waiting for a real security breach to figure Sirtfi out while also under the pressure of trying to secure your network. Sign up to participate.

Additional information is available on the working group wiki

About the SIRTFI Exercise Working Group

The SIRTFI Exercise Working Group prepares members of the InCommon Federation community to handle a federated security incident by conducting one or more tabletop exercises to simulate aspects of responding to the real thing. Exercises are aimed to be learning opportunities, increasing familiarity with and shared understanding of key concepts and practices in the SIRTFI framework. The SIRTFI Exercise Working Group is chartered by the InCommon Community Trust and Assurance Board.