The team from NATO Computer Incident Response Capability (NCIRC) wins the largest international live-fire cyber defence exercise Locked Shields 2015. Estonia and Poland take second and third place respectively.
NCIRC also takes home the special scenario prize while the defensive team from Czech Republic comes out on top of both the legal and media challenges.
“The key to winning Locked Shields is keeping your networks within the exercise open and running,” explained computer security expert Jaan Priisalu, one of the exercise architects and a senior fellow at the NATO Cooperative Cyber Defence Centre of Excellence. No one would like to live in a world where computer security always takes priority over usability, he added.
“The exercise starts long before our gamenet opens. Before the active phase, a team has to figure out what they should expect as well as their plan and division of labour in defending their systems,” Priisalu emphasized. “It is as important that technology specialists are able to talk about what you are doing, be it to the media, public or just your management.”
“A major change this year was that most teams have really embraced internet protocol version 6. While in 2014 few knew what to do with it, now teams know how to use IPv6,” said Priisalu. The largest of its kind globally, Locked Shields is unique in using realistic technologies, networks and attack methods. New attack vectors in 2015 included ICS/SCADA systems as well as an element of active defence.
Locked Shields is an annual real-time network defence exercise, organised since 2010 by the NATO Cooperative Cyber Defence Centre of Excellence. The training audience of the exercise is the national Blue Teams: computer emergency response specialists, playing the role of the rapid reaction teams of the fictional country of Berylia. 16 nations and NATO Computer Incident Response Capability participated as the defensive teams this year.
In addition to technical and forensic challenges, Locked Shields also includes media and legal injects. It thus provides insight into how complex a modern cyber defence crisis can be, and what is required from nations in order to be able to cope with these threats.
Locked Shields 2015 is supported by the Government of Canada. The grant covers purchase of technical equipment for the NATO Cooperative Cyber Defence Centre of Excellence cyber lab and supporting services that allowed increasing the capacity of the annual Locked Shields cyber defence exercise.
The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence is a NATO-accredited knowledge hub, think tank and training facility, focused on interdisciplinary applied research and development as well as consultations, education and exercises in the field of cyber security. The Centre’s mission is to enhance capability, cooperation and information-sharing between NATO, Allies and partners in cyber defence.