NATO Cyber War Games 2017: Czechs Win

The Czech Republic team wins the largest and most complex international live-fire cyber defence exercise Locked Shields 2017.  The Estonian team and NATO Computer Incident Response Capability (NCIRC) team from NATO take second and third place respectively.

The defensive team from Czech Republic also takes home the special prize for the scenario inject. NCIRC team scored the highest in the legal game of the exercise, while the German team came out on top of forensic challenges and the team from the United Kingdom achieved the highest scores in handling the strategic communication challenges

The US team scored the most improved in this year's NATO Locked Shields cyber war games, but experts said that result might not be reason to celebrate.

The Locked Shields event is a "live-fire" cyber defense exercise organised by the NATO Cooperative Cyber Defence Centre of Excellence in which teams are "tasked to maintain the services and networks of a military air base of a fictional country, which, according to the exercise scenario, will experience severe attacks on its electric power grid system, unmanned aerial vehicles, military command and control systems, critical information infrastructure components and other operational infrastructures."

During the cyber war games, there were more than 2,500 possible attacks that could be carried out against more than 3,000 virtualised systems meant to simulate military air command and control systems, drone and ground control, a large-scale SCADA system controlling the power grid and programmable logic controllers.

Nathaniel Gleicher, head of cyber-security strategy at Illumio and former director of cyber-security policy for the White House, said this type of cyber war practice is "essential to effective cyber-security."
"Exercises like this are an important way that security teams can build experience for real threats. The Locked Shields war game is interesting in that it focuses entirely on defense: teams compete to protect their networks, with third parties playing the intruders," Gleicher told SearchSecurity. "This is an especially useful form of wargame, defense is much more difficult than offense, and any opportunity our teams get to improve their skills in defense is a great opportunity."
John Bambenek, threat research manager at Fidelis Cybersecurity, said it was especially important for the cyber-war games to be "live-fire."
"Defenders learn best in a live-fire environment. When the 'red team' can simulate what adversarial nations are doing, that's even better," Bambenek told SearchSecurity. "Tabletop exercises can only take learning so far. Operators need valuable experience, and they need to do so under fire."

The US Army Cyber Brigade was one of 25 countries to compete in the Locked Shields 2017 cyberwar games and finished 12th, which is a marked improvement from the 2016 event where the US was last out of 19 countries participating.
However, Bambenek said "given the threats we face as a nation, we simply can't accept anything less than number one."
"That said, the improvement from last place to the middle of the pack shows an increase in capability. It also shows that they are learning. That's exactly the point of these exercises," Bambenek said and noted that enterprises should take a lesson from the games. 

"Training, particularly hands-on training, is crucial for the continued improvement and development of defenders. Enterprises should set aside funds to participate in third-party exercises so their team can practice. Always use events within an organisation as training. Successful, yet minor, breaches should not resort in blamestorming sessions. Instead, they should be used to help defenders improve."

Gleicher said the US team's results offer an important lesson, "everyone struggles with defense."
"To be honest, the cards are stacked against defenders from the beginning. The teams are placed in an unfamiliar environment to make life more difficult for them, but the truth is that most defenders are operating in an unfamiliar environment anyway because most organisations understand surprisingly little about the applications that they are protecting,"

Gleicher said. "If there's any lesson from this exercise and others like it, it's that we need to substantially increase our ability to understand and control the environments we are protecting."

SearchSecurity:   NATO CCDCOE:     

You Might Also Read: 

Forget Trident & Welcome To Cyber Warfare:

Locked Shields 2015: NATO Holds Major Cyber-Security Drill

Handbook Of Russian Information Warfare:

NATO Cyberwar: Establishing Rules Of Engagement:

 

 

« The Cybersecurity Threats That Keep Banks Alert
Hackers Stole A £60,000 BMW »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

PFP Cybersecurity

PFP Cybersecurity

PFP provides a SaaS solution for life-cycle protection based on our IoT security platform and power usage analytics.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

CyCognito

CyCognito

CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn't even know existed.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Traceable

Traceable

Traceable was founded to protect applications from next-generation attacks.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Flow Security

Flow Security

Enterprises run on data, Flow secures it at runtime. With a runtime-first approach, Flow is a game-changer in the data security space, securing data itself, beyond the infrastructure it resides in.