Locked Shields is the world’s largest cyber defense exercise of its kind, organized by the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE). The event was held from 18 to 21 April in Tallinn and had nearly 3,000 participants. Participants included NATO member states and NATO-friendly countries (last year Georgia, this year Ukraine). The main focus of the exercise is primarily technical, but there are also tactical, strategical and legal aspects. For the second year in a row CYBERS participated in Locked Shields and this year four of our team members were in the Estonian-US joint team, which got second place in the exercise.
The Locked Shields exercise is one of a kind and participating in it is a considerable privilege and an opportunity to support both individual and organizational development. As it is well-known, professional networking has a significant impact, as invitation to the exercise often comes through being noticed previously or through connections. Participation is made extraordinary by the fact that, in general, only representatives of government agencies participate in the exercise, but in Estonia, the private sector is also involved. This diversity within the team is certainly one of Estonia’s strengths.
Anyone who is offered the opportunity to participate in the Locked Shields cyber defense exercise should definitely do so, as it provides a unique experience that cannot be gained elsewhere. People who have participated in the exercise are more capable of effectively resolving crisis situations during critical cyber incidents, as they have gained valuable experience during the exercise. The participation of CYBERS representatives also benefits the company, as the experience gained helps to resolve cyber incidents and provide better quality services to clients. In addition, people’s awareness of the company and its activities increases.
Depending on the role in the exercise, participation in Locked Shields requires a fair amount of preparatory work. It is important to mention that participating in the exercise is not monetarily compensated and is entirely voluntary. Nevertheless, participating in the cyber exercise is invaluable, as it provides an excellent unique experience and professional connections that benefit both the participant and the company in their professional life. The exercise focuses little on the individual, as the success of the team is important. Therefore, the exercise supports the development of teamwork skills and provides experience in crisis management. Throughout the exercise, communication is of critical importance, which is why great attention must be paid to it, and there is certainly room for improvement in the coming years.
The CYBERS representatives at Locked Shields were three SOC Analysts (Monitoring team) and an OffensiveSecurity team member (Linux team). While the Blue Team was familiar and comfortable for the SOC Analyst, the other representative took on an opposing role, as their daily work is what the Red or Offensive team does during the exercise. It was exciting for the latter to see what the representatives of the Red Team could come up with, and the experience provided ideas on what not to do and how not to get caught. Despite the fact that the environment was more familiar for the SOC analyst, participating in the exercise provided an opportunity to use different technologies, apply new processes, and gain experience working in a SOC team in a very intense situation.
The Monitoring Team Lead of the Estonian-US joint team admits that although the team was hoping to get the first place, they can still be proud of the achieved second place. Participants from CYBERS who solve incidents, find threats and vulnerabilities on a daily basis were a great addition to the team. Although, they joined the exercise last minute, integration happened very quickly and Estonian-US team cooperated very well together. The Team Lead hopes that Locked Shields was exciting enough for first-time participants, and that CYBERS representatives will join the Estonian team in the coming years, working together to bring the well-deserved first place home.
Although the cyber exercise period is intense and time-consuming, the resources invested are worth the experience gained. When the exercise Red Team members bring out that the multiple systems had very well-executed defense, it adds confidence and leads thoughts towards next year’s exercise.
Photo by: Siim Lõvi/ERR