Locked Shields is organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. Although it is funded by NATO member, it is not directly affiliated with the organization. It plays a leading role in education and information sharing to bolster member nations’ digital defense capabilities. Last year, the Centre published the Tallinn Manual, which addresses the voluminous legal issues surrounding this new form of warfare.
In just three years, Locked Shields has established itself as a premier multinational cyber wargaming events. This year’s exercise drew 300 people from 17 countries; among them were members of the Finnish security firm Codenomicon, which uncovered the Heartbleed vulnerability earlier this year.
For years, Western powers like the US and United Kingdom have staged highly secretive exercises like Eligible Receiver 97. Locked Shields uses a more collaborative approach; the goal is to foster cooperation among European nations. Although the teams compete against each other, the gameplay encourages collaboration to shut down the attack more quickly. The exercise is not a war game in the traditional sense, because the people involved are largely civilians and the attacks targeted commercial, not military, systems. That reflects the growing reality that in cyber warfare, targets will include civilian computers operating critical infrastructure like banks and power plants.
The event, held one weekend in May, was staged from the Hotel Euroopa on the outskirts of Tallinn’s medieval town center. The ancient perimeter wall and stone towers that once helped defend the town stood in stark contrast to the rows of glowing laptops that are the first line of defense in modern warfare. “It was a visual paradox,” says Locatelli. “Seventies carpet and Soviet architecture brimming with modern technology.”
The target was a drone manufacturer in the fictional nation of Berylia, an island in the North Atlantic. As the company prepared for a demonstration at the World Drone Expo in Dubai, “hacktivists” attacked its website and network. Meanwhile, a nation-state team used the attack as a cover to launch its own assault on Berylia’s defense networks. The Red Team, outfitted in red T-shirts, launched the attacks from within the hotel while 12 Blue Teams defended Berylia from their home countries.
Teams earned points based on how long it took them to identify an attack, how effectively they defended against it and their ability to keep networks running during the assault. They also were scored based upon how they dealt with the media–which had inside information about the attack—and their adherence to the law while crafting their response to the attacks. To that end, each team had legal experts at their disposal.
Locatelli drew mixed reactions from his subjects. Some on the Red Team avoided him and didn’t want to be photographed or identified. Others had no problem with his
camera
. But they all agreed that their monitors were off-limits. They didn’t want to give away their tricks and strategies.
“I had to focus on the small things, the moments,” says Locatelli. When John McHugh, secretary of the US Army showed up for a visit during the exercise, Locatelli says for an instant “it felt like a real war.”The threat of such a war mounts as more nations develop cyber warfare units and digital weapons. The US leads the way with the US Cyber Command, whose budget this year was $447 million. Cyber Command reportedly helped develop and deploy the world’s first known digital weapon—the Stuxnet worm that targeted Iranian centrifuges used to enrich uranium. Stuxnet was a destructive digital attack, and the first of its kind in that it was designed to cause physical damage to infrastructure. Other attacks have focused on deleting data, like the Wiper
malware
that struck the Iranian Oil Ministry in 2012.
The Cooperative Cyber Defence Centre of Excellence was born of similar aggression—a denial-of-service attack that hit computers in Estonia
in 2007 after a diplomatic dispute with Russia. Neither Estonia nor
NATO was prepared to defend against such an assault, which was widely
believed to have been launched by Russia. The Centre was established to
help NATO members prepare such defenses.courtesy of : www.wired.com
No comments:
Post a Comment