1. What is Locked Shields?
Locked Shields is a cyber exercise organized by NATO CCDCOE. It is a large-scale and complex exercise which took place in late April 2022. JPCERT/CC participated in this exercise as a member of the Japan-UK Blue team. We would like to report on the event.
Scene of participation by the Japanese and British teams
(Source: https://twitter.com/ModJapan_jp/status/1517113397745426439)
The purpose of participating in Locked Shields was to deepen our understanding of the protection of systems with various interdependencies, such as critical infrastructure. Through this exercise, participants learned the impact of cyber attacks on society and the importance of cooperation among countries in the face of complex cyber attacks.
At Locked Shields, Japanese participants (Blue Team) worked from Japan, using the remote exercise environment developed by CCDCOE. Japan and the UK formed a joint team this time. The participants from both countries were able to smoothly participate in the exercise despite the remote environment.
Locked Shields covers both technical and non-technical challenges. The technical challenges involved participants investigating, protecting and operating complex simulated systems and critical infrastructure under cyber attack. At the same time, non-technical challenges included analysis from an international law perspective and media response.
This exercise is also unique in that multiple countries and organizations participated. In addition to NATO member states, the EU and governments, Locked Shields was also supported by private companies in the control systems, telecommunications equipment, cyber security, software, finance and space sectors.
Locked Shields incorporates new technologies and systems. The addition to Locked Shields in 2022 was the financial systems. Communication systems for foreign exchange reserves and financial operations have been added to the scenario. Another feature of this year's exercise was the responses to fake news and information manipulation.
2. Locked Shields and JPCERT/CC Activities
In Locked Shields, the exercise is divided into a red team for the attackers and a blue team for the defenders. Each participating country organizes the Blue teams. Blue Teams defended nearly 5,500 computers virtualized on the exercise system against more than 8,000 attacks and conducted incident reporting, forensic analysis, legal assessment and public relations activities.
32 countries participated in the exercise, and these countries comprised 24 Blue Teams. Some Blue Teams, including Japan and the UK formed joint teams. The Blue Teams consisted of an average of 50 members, all experts in their respective fields.
JPCERT/CC participated in the exercise as a member of a Blue Team. Locked Shields is a valuable exercise opportunity for JPCERT/CC, which has been coordinating internationally as a contact point for Japan, to overcome challenges by teaming up with partners not only in Japan but also other countries.
Exercise operation headquarters in Estonia, Part 1
(From NATO CCDCOE official Flickr)
Exercise Operation Headquarters in Estonia, Part 2
(From NATO CCDCOE official Flickr)
3. The Importance of Cyber Exercises
Compared to last year, this year's Locked Shields, in which a wide variety of organizations participated, provided an opportunity to recognize the importance of not only international collaboration but also constant implementation of new initiatives.
Today's society is increasingly reliant on information and communication technology, which is constantly changing. On the other hand, cyber attacks leveraging the new technology are increasing and becoming more diverse. The key at this time is trusted partners and self-innovation to keep up with evolving technologies and organizations. For this reason, cyber exercises such as Locked Shields, where new technologies are constantly implemented and the public and private sector participants work together for effective protection against cyber attacks, are a valuable opportunity.
Through the exercise, government agencies, including the Ministry of Defense and the Self-Defense Forces as well as personnel from many private companies and organizations, including JPCERT/CC, worked together as one team to tackle the challenges. The trust developed at the individual level during the exercise will serve as a valuable foundation for our future activities.
4. Way forward
The challenge as we move on is to address the technical, legal and policy issues identified through the exercise, and JPCERT/CC continues to stress the importance of reviewing Japan's cyber security from various perspectives, not just addressing technical issues. One of the perspectives is to ensure cyber security through international cooperation.
In international cooperation in cyber security, it is crucial to create a system for both supporting and supported parties. In Japan, the importance of cyber security is attracting renewed attention. International cooperation is also more critical than ever before. For example, JPCERT/CC has contributed to capacity building by providing CSIRT training to other countries. This activity was realized by building a trust relationship with the partner organization over a long period, while matching their requirements and what JPCERT/CC could provide.
Locked Shields required collaboration with other countries, and the Japanese team had to communicate in English. JPCERT/CC confirmed the importance of both supporting and receiving sides in ensuring cyber security through international cooperation.
- Dai Mochinaga and Koichiro Komiyama
Article Link: JPCERT/CC participated in the Locked Shields 2022 - JPCERT/CC Eyes | JPCERT Coordination Center official Blog