What could be done by the gateway defenders of the Belgian Internet
It is a good exercise. Suppose that a few thousand zombies from all over the world attack a list of Belgian websites, either to compromise them or to take them out (DDoS). How would you react?
Well, there should be plans for three centers in the case of a cyberattack. They have totally different tasks and should have different people, enough of them to be on permanent standby for as long as the attack lasts.
1. Communication: where will the network administrators and journalists find information about the developing situation? That information should be correct and verified, without any hyperbole. It should also give a list of all the patches and tricks that are being used and the workarounds. This should go very, very fast.
2. Take-out center: where all the information would be concentrated about the web servers and services that are being used in the attack and that have to be taken out or blocked at the first gateways to the Belgian Internet. International coordination is also necessary here. Internally, compromised Belgian web services should be taken out as fast as possible. This should be verified, but very fast.
3. Prosecution center: where all the forensic information would arrive so that official (possibly international) complaints can be launched. In the case of such an attack this would be necessary if you want to treat this as a government-level problem in which the Turkish government has to act. This should first be very well verified before being handed over as evidence. The procedure and the information needed should be set up now, so that they can be communicated at the start of the attack to the Information and take-out center.