Some 26 nations and more than 550 leading computer security professionals are currently engaged in Locked Shields 2016, described as the biggest and most advanced international live-fire cyber-defence exercise in the world, which is hosted annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE).
20 Blue Teams representing 19 nations and the NATO Computer Incident Response Capability (NCIRC) are tasked with maintaining the networks and services of a fictional country, Berylia, under intense pressure. This includes handling and reporting incidents, solving forensic challenges as well as responding to legal, media and scenario injects. While the organisers of the exercise will gather in Tallinn, Estonia, the participating Blue Teams will have online access to the exercise networks and typically work from their home countries.
“Locked Shields is unique in forcing the hands-on network defenders from 19 nations and NATO to work together and exchange information. International cooperation is the key to successful cyber-defence and this exercise is a perfect example of doing just that,” says Sven Sakkov, director of the Tallinn-based NATO CCD COE. “The impact of the exercise, therefore, goes a lot further than technical skills. These computer emergency response teams – be they civilian or military – will better know whom to call when needing assistance in the future.”
“The organisers have built identical virtual networks for all the defensive teams in this scenario-based exercise. They play the role of the rapid reaction teams of the fictional country of Berylia, protecting a total of about 2,000 machines,” explains exercise architect Jaan Priisalu, senior fellow at CCD COE. Locked Shields uses realistic networks, technologies and attack methods on par with real-world developments, Priisalu adds.
“We introduced smartphones and critical infrastructure components such as the power grid to Locked Shields last year. A central part of the scenario focused on drones and regaining control of our own systems after they have been broken into,” Priisalu says. “In 2016, the networks include a variety of operating platforms: Windows 8 and 10, Linux and Apple IOS. The services the Blue Teams have to maintain range from websites, e-mail and online shopping to industrial control systems.”