The world’s most extensive and complex cyber-security exercises organized by NATO took place for the 12th time. During these exercises, cybersecurity experts practiced defending civil and military information systems, including critical infrastructure, against large-scale cyber attacks. The scenario writers used the current geopolitical situation to develop realistic and challenging scenarios, which included more than 8,000 attacks on 5,500 virtual systems.
The exercise scenario centered on the fictional state of Beryllium, located on an island in the North Atlantic, which was the victim of many coordinated cyber attacks on military and civilian IT systems. The attacks caused major disruptions to government and military networks and to key public installations such as communications, water purification, and electricity supply, and led to civil unrest and protests. This year, for the first time, the exercises also included a simulation of crisis actions supporting the central bank in its tasks related to managing reserves and issuing financial messages.
In the exercise scenario, each participating country’s national team plays the role of a “blue” team, i.e., defenders. At the request of the fictional Beryllium, each “blue” team protects a simulated part of that state’s IT infrastructure from the hostile actions of the “red” team.
Each of the “blue” teams consisted of about 50 experts. The Polish-Lithuanian team included CERT Polska specialists, who fulfill the obligations of a CSIRT (Computer Security Incident Response Team) at the highest national level on a daily basis. They were accompanied, among others, by staff from the other two top-level CSIRTs in Poland, CSIRT GOV and CSIRT MON, by the CSIRT of the Polish Financial Supervision Authority, and by experts from the private sector. CERT Polska experts coordinated the work in networks, internet applications, and special and legal systems.
In NATO Locked Shields exercises, the tasks of the “blue” teams include not only defensive activities, such as network security or attack detection and prevention, but also information exchange as part of international cooperation, securing evidence of attacks, and legal action. Everything happens under heavy time pressure in an environment previously unknown to the “blue” teams. The actions of the “reds”, in turn, are meant to simulate the activities of an organized, hostile team using tactics, techniques, and procedures such as those used by professional cybercriminals or hackers acting on behalf of governments.
In addition to many standard IT systems, such as workstations, servers, and network devices, Locked Shields exercises also include specialized military and critical infrastructure systems.
Experts from Ukraine were also invited to participate in this year’s exercises.
CERT Polska regularly participates in international exercises, testing both technical threat-analysis skills and incident response procedures in a global context. Locked Shields is the largest and most advanced computer security defense exercise globally. It has been organized annually since 2010 by CCDCOE, the NATO-certified Center of Excellence for Cooperation in Cybersecurity, based in Estonia. Countries that finance the Centre’s operation, commercial entities, and scientific institutions participate in the exercises.
The Polish-Lithuanian team has again proved that it is one of the world’s best. It has achieved significant success in all assessed categories, particularly in the areas of countering cyber-attacks and maintaining the availability of security systems of WEB, Forensic, CTI systems, and reporting.