Ten Blue Teams, consisting of up to 10 experts in IT and 1-2 legal advisors, were the main training audience. They were acting as rapid reaction teams who had to defend virtual networks against the Red Team’s attacks, accomplish orders given by headquarters, follow the local news and respond to media inquiries, and analyse the legal aspects of their mission. The main objective of the exercise was to test the skills of the Blue Team members, educate the legal experts on IT and pressure the lawyers with complex legal tasks.
The scenario engaged the Blue Teams in a mission under UN mandate in a fictional country called Boolea where the conflict between the northern and southern tribes had escalated to a level where the local government was forced to request help from the international community. In addition to traditional hostilities, cyber attacks began in April 2013 against the IT systems of local aid organisations. Ten Blue Teams were requested to be deployed in order to protect unclassified military networks and aid organisations’ networks.
The Blue Teams were from Estonia, Finland, Lithuania, Germany, Holland, Italy, Poland, Spain, Slovakia and NATO. The exercise was organised by NATO Cooperative Cyber Defence Centre of Excellence, Finnish Defence Forces, Estonian Defence Forces, Estonian Cyber Defence League and Estonian Information System’s Authority. Great technical support was received from Cisco, Clarified Networks, Clarified Security and Bytelife.