LAST YEAR, CAPT. Sean Ruddy and his team of operator-soldiers from the US Cyber Brigade entered a Locked Shields, a NATO-organized cyber-defense war game that pits teams from dozens of countries against “live-fire” attacks. It was their first time. And of the 19 countries represented, the US finished dead last. This week, they got their shot at redemption.
Locked Shields challenges participating countries to show off their defensive prowess, rather than offensive firepower. NATO’s Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia organizes the event, and plays the part of offensive “red teams.” The US and others play as “blue teams,” charged with not just securing the networks of a fictional country, but responding to attendant media and legal issues as well.
“You are in an unfamiliar environment,” says Rain Ottis, who is the NATO CCDCOE Ambassador and head of the neutral “white team.” “There are lots of incidents at the same time and maintaining control of your team in a perfect storm is a significant challenge.”
That makes it a natural fit for the US Cyber Brigade, which defends infrastructure and “terrain” at US military bases: power plants, water treatment systems, air traffic control, and base fuel supplies. That also should drive home just how important it is to make a good showing the second time out.
How badly did things go for the US last year? The red team took control of its drone, made it fly in circles until it ran out of fuel, and crashed it into the virtual ocean.