May 04, 2015

On 22. and 23. April, for the second time already the Czech Republic joined the international cyber security exercise Locked Shields 2015 (LS15). The fifth annual of this technically oriented exercise was attended by the record-breaking number of four hundred cybersecurity experts from the total of 16 countries including the NATO Computer Incident Response Capability team („NCIRC“).

Despite of the strong competition the Czech Republic achieved the extraordinary results also this year. This biggest international cybersecurity technical exercise is organised by NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE)1 and takes place annually in the Estonian capital Tallinn.

The Locked Shields exercise is concieved as an international cybersecurity network exercise running in a realtime. It is based on ready-made scenarios where defending „blue teams“ are composed from representants of individual countries while attacking „red team“ is manned by organizers. The task of the red team is to attack on blue teams to test not just their protection and technical skills, but also an ability to react and adjust to unexpected conditions from the legal perpective and media communication during the crises. All the details are stemming from the scenarios which remain hidden to the blue teams during the preparation and exercise itself.

The Locked Shields blue and red team competitive game is organised annualy since 2010. In 2014 the combined team of the Czech Republic and Latvia reached the second place. This year, the Czech Republic for the first time sent its own competing blue team composed from the representants of the governmental CERT team, Ministry of Defense CIRC and academic team of Masaryk University. While the LS15´s winner in technical part was the NCIRC team, the Czech republic has prevailed in two out of three independent categories, the legal and the media communication ones. Moreover the Czech team gained one of the best scores for ICS/SCADA2 solutions and in general took up the last year´s success.

During the 2015 opening NATO CCDCOE director lieutenant Artur Suzik confirmed that the exercise´s main aim is to prepare the CERT (Computer Emergency Response Team) specialists for work in the ever changing cyber enviroment. The exercise is unque for the use of real life technologies, networks and attack tactics. The exercise´s reality is continually enriched by the actual trends not just from cybersecurity area. For instance, the analyses of the devices working on Android, IP video cameras3 and network protocol VoIP4 was part of LS14. This year´s novelty were the above-mentioned ICS/SCADA systems and OS Windows 8 and Windows 10. The most attractive scenario was the one including active defence elements with nowdays much-favoured military drones5. The scenarios contain apart from the technical tasks the challenges related to the aplication of national and international law on simulated cyber attacks and handling of media communication.

The total of over 150 organisers are devided to white, green and yellow teams. Whilst the task of white team is to prepare, organize and coordinate a single parts of scenarios, yellow and green teams take care of the technical infrastructure running to ensure the trouble-free course of the entire exercise. The Czech Republic also played an active role in organization of the exercise having two representants in white team, which already since October 2014 held planning sessions to prepare scenarios and particular tasks for blue teams. In spite of being present for a first time at such a large exercise both Czech representants made an all-out effort. First of them became an important part of team taking care of creation, distribution and evaluation of so called „injects“ or tasks, whose fulfilment allows blue teams to score points. The second one was a member of team simulating the media acting. His main duty was to roleplay a journalist, design a newspaper, write articles and challenge blue teams abilities to comunicate with media during a crisis.

In conclusion, the LS15 organisers stated with satisfaction that the performance of exercising teams improves year by year despite of increasingly challenging scenarios.

1 Accredited research and training facility in charge of education, consultation, experience and research sharing and development in the cybersecurity area
2 Supervisory Control and Data Acquisition, a software for controling and monotoring of technical and industrial facilities and proceses
3 IP video camera transmits the pictures in real time over network and allows to authorised users to follow
4 Voice over Internet Protocol, technology allowing for transmission of digitalized voice over network or other means of data connection
5 Unmanned combat aerial vehicle