More than 1,000 experts from nearly 30 countries have tested their ability to protect IT systems and critical infrastructure networks at NATO’s Locked Shields 2018 live-fire cyber defense exercise.

A total of 22 Blue Teams took part in the exercise, including representatives of NATO, the European Union, the United States, the United Kingdom, Estonia, Finland, Sweden, Latvia, France, the Czech Republic, and South Korea.

Locked Shields, organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) since 2010, took place on April 23-26 in Tallinn, Estonia, and it was won by a 30-member team representing NATO. Teams from France and the Czech Republic finished in second and third place, respectively.

The exercise tested not only the technical abilities of national cyber defense teams when faced with a severe attack, but also their decision-making skills, including cooperation with other teams.

The drill was based on a scenario involving a fictional country named Berylia, which got hit by a number of hostile events and coordinated cyberattacks targeting a civilian Internet services provider and a military airbase. The attacks disrupted the power grid, drones, 4G public safety networks, and other critical infrastructure.

Locked Shields involved 4,000 virtualized systems and over 2,500 attacks. Participants were tasked with maintaining complex IT systems while completing a wide range of tasks, including reporting incidents, making strategic decisions, and conducting forensic investigations.

“The exercise serves as a valuable platform for senior decision-makers to practice the coordination required to address complex cyber incidents, both internally and internationally. In the strategic game of Locked Shields Blue Teams had to determine at what level the information should be shared, who has the authority to make a decision and give guidelines, what are the potential legal implications,” said Cdr. Michael Widmann, chief of the NATO CCDCOE Strategy Branch.

“Overall the exercise was a success. Teams coordinated in a complex and dynamic environment and addressed key issues necessary to endure intense cyber attack,” Widmann added.

via:  securityweek