Story

NATO Cyber Drill in April 2013

The NATO Cooperative Cyber Defence Centre of Excellence organised a technical Blue-Red Team cyber exercise named Locked Shields (CDx) in the middle of April 2013.

Exercise Scenario

The exercise scenario takes a fictional war-game approach: international coalition forces, together with the Blue Teams, are in an unstable country called Boolea, facing offensive movements by a religious and well-equipped insurgency during a deadly epidemic among the local population.

The IT systems of international aid organisations are under cyber attack while their initial response capability is severely limited. The task of the ten support teams is to provide help and keep the systems running at 10 different sites for 2-3 days until the crisis response teams of the aid organisations arrive.

Scenario Teams

  • Blue Teams
    are the main training audience. They have to defend a pre-built network which is initially unknown to them and contains vulnerabilities. To provide feedback to the teams and measure the success of different strategies and tactics, Blue Teams will be assigned automatic and manual scores, and there will be a friendly competition between the Blue Teams.
     
  • Legal Team
    is the second training audience. One or two legal advisors will accompany each Blue Team.
     
  • Red Team’s
    mission is to compromise or degrade the performance of the systems that are protected by the Blue Teams. The technical details of the initial configuration of the Blue Team systems will be available to the Red Team beforehand, along with the opportunity to scan the Blue Teams’ systems for vulnerabilities before the execution. Red Team members will not compete with each other and their activities are not scored.
     
  • White Team
    is responsible for the overall organisation of the CDx. They define the training objectives and scenario, develop the attack campaign together with the Red Team, write down the rules, etc. During the Execution phase, the White Team acts as the exercise controllers’ cell.
     
  • Green Team
    is responsible for preparing the technical infrastructure for the exercise.
     
  • Yellow Team
    selects and configures required tools to collect, analyse and visualise information coming from different sources. Human analysts process and investigate that information and provide periodic situation updates to the exercise controllers. They also provide feedback to the Blue Teams.