Locked Shields is the annual exercise organised by the CCDCOE, aimed at improving cyber security professionals skills in protecting national IT systems and critical infrastructures under real-time attacks. It is a Red Team vs. Blue Team exercise, where the latter needs to counter a series of sophisticated cyberattacks under severe pressure.
This year the training event took place over two days – April 20 and 21 – and was attended by 2000+ participants from 32 nations.
Supporting a fictional country in handling a large-scale cyber incident
At the heart of Locked Shields 2022 scenario was a fictional country, facing a collapsing security situation, due to a series of coordinated cyber-attacks against its military and civilian IT systems. As a result, government and military networks, communications, water purification systems and the electricity grid were severely disrupted. For the first time ever, the exercise included the simulation of a reserve management and financial messaging systems of a central bank.
The training event involved 24 Blue Teams with approximately 50 experts each that – while protecting several cyber-physical systems – had to be effective in making strategic decisions, reporting incidents, and tackling forensic, legal and information operations challenges.
On the other hand, the Read Teams were made up of international penetration testers who attacked around 5,500 virtualized systems, for a total amount of 7,368 attacks carried out.
Italy’s participation with CORDIFESA supported by Sababa Security
The Italian Blue Team was mainly composed of military personnel and technicians from the Joint Command for Network Operations (CORDIFESA), specialised in running Defensive and Offensive Cyber Operations. However, because of our vertical expertise, CORDIFESA decided to engage Sababa Security – and a few other external partners – for further support during the exercise.
In particular, Sababa Security’s CTO, Omar Morando, and Alessandro Oberti, Cyber Security Advisor, focused on the defence of the Power Generation Plant, equipped with SCADA and PLC of one of the most popular vendors. Among the many tasks, they were responsible for identifying known vulnerabilities on the systems and reporting them, continuously monitoring devices through MDR, and protecting PLC systems with some specific custom tools.
Locked Shields 2022 was won by Finland, followed by the joint teams of Lithuania-Poland and Estonian-Georgian. In the exercise, Sababa Security was highly praised for its professionalism and promptness.