I’ve been involved, tangentially, in NATO gaming. The startling thing that comes out each time is how quickly the red team can gain a foothold. Countries and companies should assume that they’ve already been compromised and carry out continual threat hunting exercises to identify and contain attackers…:
[…] As Anna-Maria Talihärm, a senior analyst of the Legal and Policy Branch at the NATO Cooperative Cyber Defence Centre of Excellence, argues, “Not being able to agree on common definitions of central terms such as ‘cyberattack’ and ‘cyberwar’ should not prevent states from expressing the urgency of preparing their nations for possible cyberincidents.”
In this context, NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) has been conducting an annual cyber-simulation game since 2010. Called Locked Shields, it is aimed at enabling cyber security experts to enhance their skills in defending national IT systems and critical infrastructure from real-time attacks. Blue Teams, formed by member nations of CCDCOE, play the role of national rapid reaction teams deployed to assist a fictional country in handling a large-scale cyber incident. The Red Teams initiate the attacks.
Last year, for instance, CCDCOE created a fictional country, Berylia, where several hostile events coincided with coordinated cyber attacks against a major civilian internet service provider and maritime surveillance system.
The attacks, CCDCOE notes on its website, caused “severe disruptions in the power generation and distribution, 4G communication systems, maritime surveillance, water purification plant and other critical infrastructure components”. More than 1200 experts from nearly 30 nations took part in that Locked Shields event. The team from France was declared the winner.