This annual exercise, organised by CCDCOE since 2010, enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects.

It is a Red Team vs. Blue Team exercise, where the latter are formed by member nations of CCDCOE. The participating Blue Teams play the role of national rapid reaction teams that are deployed to assist a fictional country in handling a large-scale cyber incident and its multiple implications. The exercise involves around 4000 virtualised systems and more than 2500 attacks altogether. In addition to maintaining complex IT systems, the Blue Teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges. To stay abreast of market developments, Locked Shields focuses on realistic and cutting-edge technologies, scenarios, networks and attack methods.

New Challenges in 2018

Locked Shields introduces new challenges, technologies and specialised systems every year. Reflecting the cyber threats that concern nations the most, in 2018 the exercise addressed the protection of vital services and critical infrastructure.

According to the scenario, a fictional country, Berylia, experienced a deteriorating security situation, in which a number of hostile events coincided with coordinated cyber attacks against a major civilian internet service provider and a military airbase. The attacks caused severe disruptions in the operation of the electric power grid, 4G public safety networks, drone operation and other critical infrastructure components. While the aim of the tech game is to maintain the operation of various systems under intense pressure, the strategic part should serve as a forum to understand the impact of decisions made at the strategic and policy level.

More than 1000 experts from nearly 30 nations took part in Locked Shields 2018. While the organisers of the exercise gathered in Tallinn, Estonia, the participating Blue Teams had secure online access from their nations. The NATO team emerged as the winner of Locked Shields 2018.

Essential Takeaways

Locked Shields is a unique opportunity to encourage experimentation, training and cooperation between members of CCDCOE, NATO and partner nations. It offers an unprecedented occasion for nations to challenge themselves in a safe environment while being aggressively challenged by a world-class opponent. The network that the Blue Teams must defend consists of more than 150 virtual hosts per team. The virtualised Blue Team networks are custom-built and include a variety of services and platforms, both civilian and military.

The exercise addresses areas which have proved to be most challenging for Blue Teams in recent years:

  • Protecting unfamiliar specialised systems;
  • Writing good situation reports under serious time pressure;
  • Detecting and mitigating attacks in large and complex IT environments;
  • Well-coordinated teamwork.

Locked Shields 2018 was organised by CCDCOE in cooperation with the Estonian Defence Forces, the Finnish Defence Forces, the Swedish Defence University, the British Joint Army, the United States European Command, the National Security Research Institute of the Republic of Korea and Tallinn University of Technology. Industry partners in the exercise included Siemens AG, Ericsson, Bittium, Goodmill, Threod Systems, Cyber Test Systems, Clarified Security, Iptron, Bytelife, BHC Laboratory, openvpn.net, GuardTime and numerous others.

Locked Shields 2018 Key Facts:

  • Live-fire = real-time Red Team vs. Blue Team exercise
  • Involved regular business IT, critical infrastructure and military systems
  • Integrated technical and strategic decision-making exercise
  • More than 1000 cyber defence experts from nearly 30 nations
  • Blue Team participation open to CCDCOE member nations
  • Runs on Cyber Range, an innovative platform managed by the Estonian Defence Forces