The team from Sweden finished Locked Shields 2021, the largest and most complex international live-fire cyber defense exercise globally, with the highest score.
Blue Teams from Finland and the Czech Republic took second and third place respectively.
"Congratulations to the teams, whose strategy proved to be the best, however every single participating team is a winner for tackling the unrivalled complex cyber challenges of Locked Shields exercise," said Carry Kangur, head of cyber exercises at the Tallinn-based NATO Cooperative Cyber Defense Center of Excellence (CCDCOE), which hosted the exercise with partners.
Kangur said this year, the exercise involved in total more than 5,000 virtualized systems that had to be defended against over 4,000 attacks. In addition to maintaining more than 150 complex IT systems per team, the Blue Teams had to be efficient in reporting incidents, executing strategic decisions, solving forensic, legal and media challenges and dealing with hostile information operations.
"Understanding the interdependencies of national IT systems is at the heart of protecting a nation under a massive cyber attack," Kangur added.
In 2021 the exercise highlighted the growing need to enhance dialogue between technical experts, civil and military participants and decision-making levels. The CCDCOE integrates the technical and strategic game, enabling participating nations to practice the entire chain of command in the event of a severe cyber incident involving both civilian and military players.
The exercise this year involved 30 nations. For the first time ever, the exercise involved a satellite mission control systems needed to provide real time situational awareness to aid military decision making.
Locked Shields is a Red team versus Blue Team exercise, where the latter are formed by member nations of CCDCOE. The participating Blue Teams play the role of national cyber rapid reaction teams that are deployed to assist a fictional country in handling large-scale cyber incidents and all their multiple implications.
According to the scenario, a fictional island country located in the northern Atlantic Ocean, Berylia, was experiencing a deteriorating security situation. A number of hostile events had coincided with coordinated cyberattacks against Berylian major military and civilian information technology systems. These attacks caused severe disruptions to the operation of military air defense, satellite mission control, water purification and the electric power grid. In addition, within the strategic track element of the exercise participants had to contend with major disruptions to the financial system.
The Locked Shields exercise has been taking place mostly virtually since 2010, with the Blue Teams, meaning the teams of experts that are being trained, always taking part in the exercise from their home countries. This year was unique from other iterations of Locked Shields in that for the first time the organizers also participated remotely rather than gathering in Tallinn as they had done in previous years.
Editor: Helen Wright