Nine Blue Teams (defenders) representing small telecommunications companies had to defend a pre-built network against hostile attacks conducted by 40 Red Team members. Each Blue Team had a similar network consisting of approximately 25 virtual machines. Initially, their systems were full of vulnerabilities and configuration mistakes. Events were observed and analysed by a Legal Team consisting of an international group of lawyers. The Blue Teams were competing with each other and their progress was evaluated by the White Team.
The main objectives of exercise were: to train Blue and Legal Team members; to support the campaign of the Multinational Experiment 7 (MNE7); to explore situational awareness technologies in the cyber domain; and learn from the activities of Blue and Red Team members. The organisers succeeded in providing an interesting and complex environment for the Blue Teams to defend. In addition to an intensive attack campaign, Blue Teams were challenged by additional tasks and media pressure, requiring them to have a wide range of skills to be successful.
The teams engaged in the exercise included participants from multiple nations. For instance, Blue Teams consisted of experts and specialists from governmental organisations, military units, CERT teams and private sector companies. There were Blue Teams from Switzerland, Germany, Spain, Finland, Italy, NATO Computer Incident Response Capability – Technical Centre (NCIRC-TC), Slovakia, and combined teams from Germany-Austria and Denmark-Norway. The core of the Red Team was composed of specialists and volunteers from Finland and Estonia, with additional contributors from Germany, Latvia, NCIRC-TC and Italy.