This annual exercise, organised by CCDCOE since 2010, enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects.

It is a Red team vs. Blue Team exercise, where the latter are formed by member nations of CCDCOE. In 2021 there were 22 Blue Teams participating with an average 40 experts in each team. The Teams take on the role of national cyber Rapid Reaction Teams that are deployed to assist a fictional country in handling a large-scale cyber incident with all its implications. The Exercise in 2021 involved about 5000 virtualised systems that were subject to more than 4000 attacks. The teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks and attack methods.

Over 2000 Cyber Experts from 32 nations at the Locked Shields Exercise 2022

During two days more than 2000 participants from 32 nations practised the protection of national IT systems and critical infrastructure under the pressure of a large-scale cyberattack at the annual live-fire cyber defence exercise Locked Shields. In addition to protecting numerous cyber-physical systems the participating teams practiced tactical and strategic decision making, cooperation and the chain of command in a crisis situation where they also had to tackle forensic and legal issues and respond to information operations challenges.

The annual real-time network defence exercise is a unique opportunity for cyber defenders to practise protection of national IT systems and critical infrastructure under the pressure of a severe cyberattack.

According to Carry Kangur, Head of Cyber Exercises at CCDCOE, this years’ exercise had the opportunity to be planned mostly on-site and less remote as the COVID-19 situation has eased. Additionally, there were quite a few new partners introduced, which made organising the whole exercise easier.

According to the scenario, a fictional island country located in the northern Atlantic Ocean, Berylia, is experiencing a deteriorating security situation as there have been a number of coordinated cyberattacks against Berylian military and civilian IT systems. These attacks have caused severe disruptions to the operation of government and military networks, communications, water purification systems and the electric power grid and eventually lead to public unrest and protests. For the first time the exercise includes the simulation of a reserve management and financial messaging systems of a central bank. Additionally, a 5G Standalone mobile communication platform is deployed as part of a critical infrastructure to give the first experience to cyber defenders about upcoming technology change.

Exercise Locked Shields is a Red Team (RT) vs. Blue Team (BT) exercise with Teams formed by member nations and partners of CCDCOE. In 2022 there were 24 BTs participating with an average of 50 experts in each team. The teams took on the role of national cyber Rapid Reaction Teams that are deployed to assist a fictional country in handling a large-scale cyber incident with all its implications. The Exercise involved about 5500 virtualised systems that are subject to more than 8000 attacks. In addition to securing complex IT systems, the participating teams must had also be effective in reporting incidents and solving forensic, legal, media operations and information warfare challenges.

In total there are were more than 2000 participants from 32 nations to be involved in Locked Shields 2022. The exercise was organised by CCDCOE in cooperation with NATO, Siemens; TalTech; Clarified Security; Arctic Security; CR14. The Centre also acknowledges the unique elements added to Locked Shields 2022 by Microsoft, the Financial Service Information Sharing and Analysis Center (FS ISAC), SpaceIT, Fortinet.

Locked Shields 2022 winner was Finland

The joint team Lithuania-Poland took second place and Estonian-Georgian joint team came third. 

“It was a very close run. The winning team demonstrated solid defence against network and web attacks and they excelled in situation reporting. Overall they scored above average in all categories and this is one of the important aims of Locked Shields. The most successful are teams who manage to tackle all challenges in different categories as the strategic decision makers and technicians will have to work together to properly address all the elements of a large-scale cyber-attack,” said Carry Kangur, Head of Cyber Exercises at the CCDCOE. 

 “All 24 participating teams can consider themselves winners as hopefully they will go home with a valuable, cutting-edge and relevant training experience that only Locked Shields can offer since it provides a unique opportunity for teams to test their skills in a safe environment. Every year we see the performance of the Blue teams improving. They are getting more organised as they demonstrate strong leadership and good integration in both technical and non-technical skills,” added Kangur.