When faced with this situation, it is a challenging but vital task to advocate that customers are conducting cyber security drills rather than crimes. Here are some suggestions： 1. **Collect evidence** -**Drill plan and records**: Find out if there are planning documents, emails, meeting minutes, etc. about the network security drill to prove that the customer has the intention to organize the drill. -**Technical means and tools**: Collect the technical means and tools used by customers in the exercise, such as specific security testing software, simulation attack scripts, etc. These tools are usually used for legitimate security assessment purposes. -**Personnel training and knowledge**: Provide records of customer team members participating in network security training, as well as proof of their network security knowledge and skills, to illustrate that the exercises are conducted for the purpose of improving security awareness and competence. 2. **Establish reasonable motivation** -**Emphasize the importance that customers attach to network security**: Explain the high requirements that customers have always placed on their own network security, including the resources invested and the security strategies formulated, etc., and explain that this exercise is part of their continuous security protection work. -**Business demand-driven**: Explain how the drill is related to the customer's business goals, such as protecting customer data assets, maintaining business continuity, and preventing potential reputation losses, and emphasize the necessity of the drill to ensure the normal operation of the business. 3. **Justify the exercise** -**Follow industry standards and best practices**: Point out that the customer's drill activities comply with relevant industry standards and best practices, such as internationally recognized network security standards, security guidelines issued by industry associations, etc., indicating that their behavior is a security test conducted within a reasonable range. -**Simulation of real-world scenarios**: Description The drill scenario is a real simulation of the current network security threat environment, designed to discover and solve potential security vulnerabilities, rather than malicious attacks against specific individuals or organizations. 4. **Provide expert support** -**Hire network security experts**: Invite professional network security experts as witnesses. Based on industry experience and professional knowledge, they can analyze and explain the customer's drill behavior to prove its rationality and legality. -**Expert report**: Experts are required to issue a detailed report explaining the purpose, method, process and results of the exercise, explaining the difference between the exercise activities and the criminal act, and providing a strong professional basis for the defense. 5. **Cooperate with law enforcement** -**Actively cooperate with the investigation**: Communicate with law enforcement agencies in a timely manner, provide the required information and evidence, show that the customer is willing to cooperate with the investigation, assist law enforcement agencies to understand the whole picture of the incident, and eliminate misunderstandings. -**Explain the nature of the drill**: Explain the process and purpose of the drill in detail to law enforcement officials, emphasizing that the customer has no criminal intent, but only hopes to improve his own network security protection capabilities in this way. 6. **Legal basis and precedent** -**Study relevant laws**: Find out if there are legal provisions or jurisprudence that support network security drills as the basis for legal actions, and cite these legal grounds to support your claim, stating that the customer's behavior is allowed within the legal framework. - **Reference to similar cases**: Look for other similar network security drill cases, analyze their handling methods and judgment results, and use them as a reference to demonstrate that the customer's situation is similar to these cases and should not be considered a crime.