In March 2012 the centre organised, in cooperation with its partners, a technical Blue-Red Team exercise, Locked Shields 2012. A brief video overview of it can be viewed here and the After Action Report can be downloaded here.
This CDX had a game-based approach, which means that no real organisations played their actual role and the scenario was fictional. The Blue Teams had to defend a partially pre-built environment simulating the network of a small telecommunications company. To motivate the teams and measure the success of different strategies and tactics, there was a competition between the Blue Teams. The progress of the teams was measured by automatic and manual scoring. There was one Red Team, whose objective was to provide equally balanced attacks against all the Blue Team networks. Red Team members were not competing with each other.
• Support the MNE7 cyber campaign in exploring solutions for gaining situational awareness in cyber environments.
• Train the teams of IT specialists to detect and mitigate large-scale cyber attacks and handle incidents. The organisers will not provide training on specific topics, but will provide an interesting scenario and environment to test skills and teamwork and teach cooperation at national and international level.
• Train legal experts by involving them as analysts and observers at the event.
• Learn from the activities of Blue and Red Teams.
• Create the technical infrastructure in such a way that it would be easy to reuse the components and set it up again for a new exercise.
Blue Teams were the main training audience. They were expected to defend and secure their networks by technical means, but also to be capable of providing adequate information to the media, reporting observations and detected incidents to CERT, writing summaries for management in order to assess the impact of attacks on the business, and responding to requests from clients and users.
Red Team’s role was to conduct a campaign of equally balanced attacks against all the Blue Teams, under the control of White Team.
White Team was responsible for the overall control of the CDX. There were also many other roles that White Team had to simulate during the execution of CDX12. These roles included CERT, clients, media, management and users of Blue Team companies.
Legal Team defined the fictional legislation for the game and observed the exercise from the legal perspective. Legal Team could make proposals to White Team and provide assistance to the Blue Teams through White Team. However, the exercise was designed in such a way that decisions from the lawyers could not slow down or stop the game.
Green Team prepared the technical environment for CDX12.
Yellow Teams provided tools for lightweight reporting and collaboration.
MNE7 Situational Awareness Team conducted an experiment in the context of CDX12 to explore procedures and tools for gaining situational awareness in the cyber domain.
The teams engaged in CDX12 were assembled from participants from multiple nations. For instance, Blue Teams consisted of experts and specialists from governmental organisations, military units, CERT teams and private sector companies. There were Blue Teams from Switzerland, Germany, Spain, Finland, Italy, NATO (NCIRC), Slovakia and combined teams from Germany-Austria and Denmark-Norway. The core of the Red Team was composed of specialists and volunteers from Finland and Estonia, with additional contributors from Germany, Latvia and NCIRC.
The technical environment for CDX12 was centralised. Teams had to use a VPN to access their networks, which consisted of virtual components (virtual machines with Windows and Linux operating systems, virtual switches and routers).