Exercises

The Centre has contributed to NATO Cyber Defence Exercises (Cyber Coalition) since 2009 by helping to plan, develop the scenario and execute the exercise. “Cyber Coalition” is a procedural exercise designed to give its participants a better understanding of NATO’s Cyber Defence capabilities and to identify areas for improvement within the NATO-wide Cyber Defence community.

The Centre also conducts technical cyber defence exercises. The Baltic Cyber Shield in May 2010 was organised in co-operation with several Swedish governmental institutions. This practical exercise gave its participants a hands-on experience in defending industrial computer networks from live attacks. The After Action Report of the Baltic Cyber Shield can be downloaded here.

In March the centre is organising in cooperation with its partners a technical Blue-Red Team exercise Locked Shields 2012.

Locked Shields 2012

This CDX has a game-based approach, which means that no real organisations will play their actual role and the scenario is fictional. The Blue Teams will have to defend a partially pre-built environment simulating the network of a small telecommunications company. To motivate the teams and measure the success of different strategies and tactics, there will be a competition between the Blue Teams. The progress of the teams will be measured by automatic and manual scoring. There will be one Red Team, whose objective is to provide equally balanced attacks against all the Blue Team networks. Red Team members will not be competing with each other.

Objectives
• Support MNE7 cyber campaign in exploring solutions for gaining situational awareness in cyber environments.
• Train the teams of IT specialists to detect and mitigate large-scale cyber attacks and handle incidents. The organisers will not provide training on specific topics, but will provide an interesting scenario and environment to test skills and teamwork and teach cooperation at national and international level.
• Train legal experts by involving them as analysts and observers at the event.
• Learn from the activities of Blue and Red Teams.
• Create the technical infrastructure in such a way that it would be easy to reuse the components and set it up again for a new exercise.

Teams
Blue Teams are the main training audience. They are expected to defend and secure their networks by technical means, but also to be capable of providing adequate information to the media, to report observations and detected incidents to CERT, to write summaries to the management in order to assess the impact of attacks to the business and to respond to requests from clients and users.
Red Team’s role is to conduct a campaign of equally balanced attacks against all the Blue Teams, under the control of White Team.
White Team is responsible for the overall control of the CDX. There are also many other roles that White Team has to simulate during the execution of CDX12. These roles include CERT, clients, media, and management and users of Blue Team companies.
Legal Team defines the fictional legislation for the game and observes the exercise from the legal perspective. Legal Team can make proposals to White Team and provide assistance to the Blue Teams through White Team. However, the exercise is designed such that decisions from the lawyers cannot slow down or stop the game.
Green Team prepares the technical environment for the CDX12.
Yellow Teams provide tools for lightweight reporting and collaboration.
MNE7 Situational Awareness Team conducts an experiment in the context of CDX12 to explore procedures and tools for gaining situational awareness in the cyber domain.

Participants
The teams engaged in CDX12 are assembled of participants from multiple nations. For instance, Blue Teams consist of experts and specialists from governmental organisations, military units, CERT teams and private sector companies. There will be Blue Teams from Switzerland, Germany, Spain, Finland, Italy, NATO (NCIRC), Slovakia and combined teams from Germany-Austria and Denmark-Norway. The core of the Red Team is composed of specialists and volunteers from Finland and Estonia, with additional contributors from Germany, Latvia and NCIRC.

Technical Environment
Technical environment for CDX12 is centralised. Teams have to use VPN to access their networks, consisting of virtual components (virtual machines with Windows and Linux operating systems, virtual switches and routers).