Sweden participates in world's largest Live-Fire Cyber Exercise

On April 10-11 2020, the world's largest cyber defense exercise, Locked Shields, takes place, organized by the NATO Cyber Defense Center in Estonia. In total, around 1,000 people participate in teams from 23 countries as well as a mixed NATO team. Sweden participate with a team of over 50 experts from a handful of Swedish authorities and companies.

"We have an incredible team lineup this year where we have succeeded in gathering some of the very best in Sweden. I am very pleased that both authorities and companies are setting up with their experts because it is an invaluable opportunity to practice really tough threats to cyber security in a society during controlled, yet very pressing circumstances. It is also a good exercise in collaborating across organizational boundaries", says team leader Erik Biverot, to everyday exercise manager at CERT-SE, which is Sweden's national indicator management organization for IT security (CSIRT) at the Swedish Civil Protection and Emergency Preparedness Authority.

Exercise and competition

Locked Shields has been carried out annually since 2010 and is organized by the Nato Cooperative Cyber Defence Centre of Excellence in Estonia. The basic scenario is the same - the fictitious country of Berylia is exposed to massive cyber attacks of various kinds and the competition law constitutes the rapid response force to ensure that Berylia's networks and other services are not paralyzed by the attacks. The exercise is both technical and strategic. The technicians will try to keep the systems running while the strategy part is to manage the situation at a high decision level, follow international law in the area and it can also be about managing issues from journalists.

"There is a wide range of challenges you face. It can be anything from attacks against control and control systems, networks and services to managing false rumors in the media. At the same time, it is also important to have a good situation picture and be able to report to the exercise management", says Erik Biverot.

4,000 systems and 2,500 attacks

The Exercise Management controls the scenario from Tallinn and there the antagonists, who are called the Red Team, also sit there. The exercise is going on for two very intensive days. No one knows exactly what challenges are waiting, but the law will have the opportunity to get acquainted with limited parts of the environment for a few days. And at the start of the race you get a half-hour lead in order to familiarize yourself with the basic scenario before the red team - the enemy - starts with full force.

Locked Shields include around 4,000 virtual systems and a total of over 2,500 different kinds of attacks. In addition to keeping complex IT systems running during the attacks, the law is also measured on its ability to report incidents, take strategic decisions and implement advanced troubleshooting, so-called IT-reconciliation. The law therefore consists of a wide range of competences from IT security specialists, network technicians, IT forensics, managers, lawyers and communicators.