So, what is it?
Exercise Mercury is a competition between different Universities within the UK and the Baltic region. It was originally an idea set up between the British Embassy in Tallinn, Estonia, TalTech University, and the University of Cambridge.
The major benefits we offer, and why it is helpful to use this approach in addition to traditional pen testing, is as follows:
- Universities understand the complexity of how Universities actually work. We know what is important to you.
- The vulnerabilities located can be prioritised in order for you to understand how the impact of that attack would impact the University.
- We provide you with a detailed report of where your vulnerabilities are without a large expense (the service is free).
- As we are conducting this check across the Universities and Higher education sectors across the United Kingdom and the Baltic region, we can provide interesting data to JISC and CERT.EE in showing them what the situation on the ground is like, and we can detect interesting similarities and vulnerabilities, to provide Universities with the tools and information to better improve their security posture.
- Constant communications are kept throughout the Universities in question. Any issues, the exercise is terminated in order to make sure the exercise is not impeeding operational requirements of the University. If there is an area we would like to further probe, we will ask for permission first before we do anything that is considered "active". Other than that, the information provided is used using passive skills
- Social Engineering, in terms of spear phishing, can be added at the request of the organisation.
- Any data that is collected will be deleted from students laptops afterwards.
In reality, this is a win-win situation, unless if you are one of the bad guys. It is better to find out your vulnerability from a friendly University than it is from someone who exploits it.
How do I apply?
The application is easy. Currently, the current exercise will be from Tallinn University of Technology vs another University. However, this will change in the future and become a "cybersecurity premier league" once we are happy with the pilot. So far, everything has been great. What do you have to lose?
Any questions, please use the contact us page below.
Apply Contact Us