Disciplined and Responsible “White Hat Hackers” in Dong Nai Province Cybersecurity Exercise

In cybersecurity exercises, the term “attack team” often evokes associations with intrusion, disruption, or system sabotage. However, the reality of the Dong Nai Province Cybersecurity Live-Fire Exercise 2025 presents a very different picture - one in which members of the attack teams are required to adhere to strict discipline and place professional ethics at the forefront.

Serving as Attack Team No. 14, students from the Faculty of Information Technology at Lac Hong University participated in the exercise not as “disruptors,” but as white hat hackers, carrying out security assessments within a tightly controlled and supervised framework.

Controlled Attacks Within Clearly Defined Limits

From the outset of the live-fire phase, all attack teams were required to comply with the Exercise Regulations issued by the Organizing Committee. These regulations clearly defined the scope, methods, and limitations of all technical activities throughout the exercise, ensuring the absolute safety of government information systems.

For Team 14, all simulated attack activities had to comply with strict principles: no data destruction, no service disruption, and no impact on the command, management, or operational activities of government agencies. Any attack techniques intended to overload systems, disable services, or alter system interfaces were strictly prohibited.

These limitations clearly defined the role of the attack teams in the exercise - not to cause damage, but to assess system security under conditions that closely resemble real-world scenarios while maintaining full risk control.

Professional Ethics in Every Technical Action

In cybersecurity, the boundary between authorized security testing and illegal intrusion can be extremely thin. For this reason, live-fire exercises serve not only as tests of technical capability but also as assessments of professional ethics in the field of information security.

Students from Lac Hong University participating in Team 14 were required to strictly adhere to professional standards, including exploiting vulnerabilities only within approved boundaries and refraining from storing, copying, or misusing any data obtained during the exercise. All findings had to be handled strictly through formal reporting procedures, with no unauthorized deep intervention in the system.

Through this process, the exercise reinforced the understanding that technical expertise only holds real value when accompanied by responsibility and ethical standards.

Secure Reporting Procedures and Information Discipline

One of the key requirements of the exercise was that all identified vulnerabilities and security risks be reported through standardized procedures using designated secure channels. For Team 14, all technical reports were required to be encrypted before being submitted to the Organizing Committee and the defensive team.

The use of encrypted communication channels not only protected sensitive information during the exercise, but also familiarized students with information security handling procedures commonly applied in government and enterprise environments. Each report was required to clearly outline the findings, risk levels, and remediation recommendations, while strictly adhering to prescribed formats and timelines.

Information discipline in the reporting process was considered an integral part of the exercise, reflecting real-world requirements in government cybersecurity operations.

When “Hackers” Are Defined by Social Responsibility

In modern cybersecurity exercises, the image of the “hacker” is no longer associated with secrecy or destruction. Instead, it is increasingly defined by professionalism, transparency, and responsibility. Although attack teams operate in opposition to defensive teams within the exercise scenario, both ultimately share the same objective: enhancing the security of information systems.

For students of Lac Hong University, participating in the exercise as white hat hackers provided valuable insight into how every technical action can impact government operations, as well as the data of citizens and businesses. As a result, a strong sense of social responsibility was developed alongside technical competence.

Lessons in Cybersecurity Profession from a Live Exercise

The Dong Nai Province Cybersecurity Exercise 2025 was not only a test of system resilience, but also a practical training environment in professional ethics and operational discipline. Throughout the live cybersecurity phase, students of Team 14 were trained to operate within legal frameworks, follow standardized procedures, and respect information security principles.

The “white hat hackers” of Lac Hong University therefore carry forward not only technical knowledge, but also a clear awareness of the responsibilities of cybersecurity professionals in the digital society. This foundation is essential for building a workforce that is both technically proficient and ethically grounded, ready to contribute to the protection of local and national cyberspace.