2d TSB Cybersecurity Division at the forefront of the world's largest live-fire cyber exercise

By Nic Hall, 2d Theater Signal Brigade
August 14, 2018


TALLINN, Estonia -- As the mist and fog fade from the morning air in Tallinn, Estonia, a coalition representing the nation of Crimsonia is on the attack, putting enemy nation Berylia's critical infrastructure at risk. As the situation becomes perilous and pressure mounts, more than 1,000 representatives from over 30 different countries prepare themselves for war. Cyberwar, that is. But this isn't the real thing; it's a game. The exercise is the world's largest and most advanced live-fire cyber exercise, held by the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE). This is Locked Shields 2018.

Locked Shields turns eight this year and is more technically advanced than ever before. Cybersecurity experts from industry, government, and military from each of the participating nations work in unison to organize, prepare, and execute the elaborate cyber exercise. Industry participants, including Siemens AG, National Security Research Institute of the Republic of Korea, Threod Systems and Ericsson, work tirelessly for months to prepare the real-world environment: a large-scale power grid control system, a 4G LTE public safety network, a water purification facility operated by programmable logic controllers (PLCs), and military surveillance drones.

The situation for Berylia is becoming dire. The fictional nation is currently experiencing numerous cyber-attacks on its critical infrastructure, perpetrated by Crimsonia, also a fictional nation. Berylia's systems will undoubtedly be compromised should the attacks continue.

Given that cybersecurity is such an emerging frontier, you may wonder exactly what happens during a cybersecurity exercise. In the case of Locked Shields, red teams act as the aggressor and use their penetration testing expertise to gain access to and compromise IT systems protected by blue teams. The blue teams serve as the network defenders, securing and shielding various IT systems. To compete, blue teams must be from a member nation of the NATO CCDCOE. Everything from networks to supervisory control and data acquisition (SCADA) and industrial control systems (ICS) falls under their purview. Aside from the red and blue teams, three other teams help make the exercise possible: the neutral white, yellow and green teams.

The green team is responsible for configuring and managing the more than 4,000 virtual machines, divided among the independent blue team networks, that are essential to Locked Shields. The green team must keep its systems up and running to enable the large-scale exercise to run smoothly.

In past years, the white team controlled the exercise and scenario-based injects. However, this year, another challenge has been added: strategic-based injects. The strategic element of the game challenges teams to incorporate real-world tertiary factors into the scenario, such as the addition of legal advisors and media relations.

The yellow team is tasked with grading the situational awareness and reporting of each blue team. The reporting process can be a challenge for joint blue teams. Robert Johnson of 2d Theater Signal Brigade and a member of one joint blue team states, "Even though there are some cultural and language barriers, the collaboration that takes place and knowledge you gain is invaluable to any cybersecurity professional regardless of where your team places."

In the end, the joint NATO blue team was awarded the first-place trophy, while the French took second place. Falling into third place was last year's winner, the Czech Republic. The United States opted out of sending a standalone blue team this year. Instead, it sent various representatives to participate in joint-blue, white and yellow teams.

Locked Shields emulates the real-world threat landscape that exists in today's critical infrastructure and IT systems. Participants are required to have numerous years of professional experience in a variety of cybersecurity verticals to participate in the event. Some of the participants in this year's exercise are Estonian Defence Forces, the Finnish Defence Forces, the Swedish Defence University, the British Joint Army, the United States European Command, and Tallinn University of Technology.

CCDCOE's mission is to "enhance capability, cooperation and information-sharing between NATO, Allies, and partners in cyber defence." Locked Shields serves as a crucial opportunity for partner nations of CCDCOE to share their expertise and ideas on countering emerging cyber threats that exist throughout the world.
