The NATO Blue Team of cyber defenders, made-up of staff from the NCI Agency's Directorate of Infrastructure Services, and Legal Office, has won the largest international "live-fire" cyber defence exercise – Locked Shields 2015. The winning team had to set-up a virtual network, secure it, and then defend it from relentless and skillful Red Team attacks over a two-day period.
This year 16 nations and the NATO team participated as the defensive teams. Estonia and Poland took second and third place respectively. NATO also collected the Special Scenario Prize.
"It is a superb achievement, providing confirmation that our technology, concepts and most importantly our cyber defenders, are world-class," said Mr Ian West, the NCI Agency Chief Cyber Security Service Line.
The scenario demanded that the NATO Blue Team generate and deploy a Rapid Reaction Team (RRT) in support of the fictional nation "Berylia". Imitating the way a real NATO RRT would be generated, the team included core members of the Cyber Security Service Line and other Agency staff to provide specialist knowledge that was essential to the mission. Importantly, the Exercise also used the RRT equipment recently provided by the NATO Computer Incident Response Capability (NCIRC) Full Operating Capability Project.
"The key to winning Locked Shields is keeping your networks within the exercise open and running," explained computer security expert Mr Jaan Priisalu, one of the exercise architects and a senior fellow at the NATO Cooperative Cyber Defence Centre of Excellence.
"The exercise starts long before our gamenet opens. Before the active phase, a team has to figure out what they should expect, as well as their plan and division of labour in defending their systems," Mr Priisalu emphasized. "It is as important that technology specialists are able to talk about what you are doing, be it to the media, public or just your management."
Locked Shields is an annual real-time network defence exercise, organized since 2010 by the NATO Cooperative Cyber Defence Centre of Excellence. The largest of its kind globally, Locked Shields is unique in using realistic technologies, networks and attack methods.
In addition to technical and forensic challenges, Locked Shields also includes media and legal injects; therefore, providing insight into how complex a modern cyber defence crisis can be, and what is required from nations in order to be able to cope with these threats.