Implementing cyber incident classification systems focus of OSCE workshop

The OSCE Transnational Threats Department, with the support of the OSCE Project Co-ordinator in Uzbekistan, organized a customized workshop on 17 October that focused on building a national cyber incident classification system, which is used to classify different types of cyber incidents.

The workshop combined the knowledge and expertise gathered in previous workshops and tailored them toward the national implementation of a cyber incident classification system for Uzbekistan. The event brought together 25 cyber/ICT security experts from the Cybersecurity Centre of Uzbekistan and experts from Switzerland and the private sector who shared their experiences. With the exponential increase in cyber incidents, the experts emphasized that creating a cyber/ICT incident classification system is essential to enabling the proper prioritization and management of incidents, particularly those affecting critical infrastructure.

“The classification of cyber incidents is key as it enhances crisis communication and crisis management. It builds up mutual understanding and cooperation at national and international levels, as well as facilitating the exchange of best practices. The development of compatible classifications can also help partners to build a common vision of a what a cyber incident can be and how governments should deal with it, ultimately enhancing the protection of critical infrastructure.” said Maxime Gehringer, Deputy Head of Mission at the Embassy of France to Uzbekistan.

“Today we organize a workshop with the OSCE which is very useful for your future career. I am convinced that this workshop will be useful for your daily activities. On behalf of the government of Uzbekistan and our Centre of Cybersecurity I highly appreciate our colleagues from the OSCE and the Embassy of France for offering us such an excellent opportunity to further develop our capacities,” added Rustam Yunusov, Deputy Director of the Cybersecurity Centre of Uzbekistan.

“Cyber threats are becoming more complex and dangerous, especially when they target critical infrastructure. It is therefore essential that we establish robust systems for classifying and managing cyber incidents. Such systems not only help us assess the severity of incidents but also enable us to prioritize responses and engage the appropriate stakeholders efficiently,” emphasised Sergei Sizov, Senior Project Officer with the OSCE Project Co-ordinator in Uzbekistan.  

“Since the start of this project, we had three sub-regional workshops on national cyber incident classification at which we raised awareness and provided a platform for exchanges. Participants sharing their practical experiences build cumulative knowledge on classification of cyber incidents,” added Szilvia Toth, Cyber Security Officer at the OSCE Transnational Threats Department.

Participants also engaged in a table-top exercise to explore practical applicability of the OSCE’s 16 cyber/ICT security confidence-building measures (CBMs). These are practical measures which address misperceptions and misunderstandings in cyberspace by fostering transparency, communication and co-operation between States. The exercise focused on how CBMs can prevent escalatory trajectories in a cyber incident and underlined the importance of cross-border co-operation when protecting critical infrastructure.

The workshop is part of the “Facilitation of the development and implementation of national cyber incident severity scales (NCISS) and related measures to protect critical infrastructures” project, which is funded by France and Germany.