More than 400 cyber attacks must be repelled by Blue Team 7, which is made up of Switzerland, Austria and the United States.Image: DDPS
More than 400 cyberattacks are planned in the coming days in Switzerland, Austria and the United States, as part of the global cyber defense exercise Locked Shields 2024. Swiss companies such as La Poste, SBB and SIX are participating. also.
Othmar von Matt / ch media
In the main command room, the tension is palpable. The cybernetics specialists from Switzerland, Austria and the United States, some in uniform and others in civilian clothes, listen attentively, silently and seriously, to the instructions of the Swiss officer. He explains, in detail, how communication within the group will take place over the coming days during the cyber defense exercise. Everything is in English.
The “War Room” is located somewhere in the Swiss Alps. Its location is kept secret. Inside, desks, high-performance laptops and screens fill the space. Enigmatic panels hanging from the ceiling divide the room into CDC (Cyber Defense Cell), WPN (Weaponry), ICS (Critical Infrastructure Systems) and SYS (Systems) – the various specialist teams. The concrete walls are covered with tightly packed sheets of paper and giant screens. Despite the open windows and freezing temperatures outside, the heat is overwhelming inside, caused by high-tech laptops.
“We are ready to fight”, declares a Swiss officer who prefers to remain anonymous. It’s Monday afternoon. In a few hours – Tuesday – starts the more than 400 cyber attacks for which cyber specialists from three nations are preparing. They are part of Locked Shields 2024, the largest and most complex multinational cyber defense exercise in the world launched in 2010.
Final discussions in the Main War Room, just before the start of Exercise Locked Shields 2024.Image: DDPS
More than 100 specialists in cybernetics, communication and law from Switzerland, Austria and the United States form the Blue 7 team, one of 17 teams. In total, 4,000 IT experts from 40 countries are participating in the exercise. The regulations require States to group together into teams.
The state of “Berylia” is highly threatened
The 18 Blue teams are tasked with defending the fictional island state of Berylia, located in the northern Atlantic, which is in trouble due to massive cyber attacks launched by a neighbor. This is the scenario imagined by the NATO Cooperative Cyber Defense Center of Excellence (CCDCoE) in Tallinn, Estonia. The latter, accredited by NATO, was established with the aim of training and developing civilian and military specialists in cybernetics, while remaining independent of NATO command structures.
For training purposes, the center has specially developed a dedicated virtual platform, a Cyber Range. This includes a set of 6000 systems, covering the entire critical infrastructure of the fictional island state of Berylia: from government, military, communications and power networks, to 5G mobile phone platforms, satellite simulations, gas pipeline systems and artificial intelligence platforms integrated.
The complexity of the exercise is highlighted here. It involves several overlapping levels of intervention. Cyber experts must counter complex attacks, while communications specialists must detect false information and inform the public, while monitoring media and social networks. Legal experts must also determine what defense measures are permitted under international law for the island state of Berylia.
Last week, the Blue 7 team prepared for “hardening”. This term designates, in the field of IT, the process aimed at strengthening the security of a system. The Red team, based in Tallinn, will aim to encounter as many difficulties as possible.
In search of digital gold
Lt. Col. Bastien of Blue Team 7 discusses how the team prepared to repel a cyberattack. This can be executed according to the “Cyber Kill Chain” model: the attacker goes deeper and deeper, step by step.
“We made combat preparations, prepared defense positions and mounted security measures, all in cyberspace under our responsibility”
Lieutenant Colonel Bastien of Blue Team 7.
“We have increased security measures,” explains Lieutenant-Colonel Bastien of Blue Team 7.Image: DDPS
Hauptmann Marcel Taschwer, spokesman for the Austrian army, explains: “It is comparable to the measures one takes to protect one’s house against burglars.”
“We check if the windows and doors are closed, if no door is open for the cat in the cellar, and if the motion detectors, surveillance cameras and alarms are activated.”
Hauptmann Marcel Taschwer
The burglar wants to access the safe. This is also what cyber intruders want – symbolically. But they are looking for digital gold: data. To do this, they navigate from room to room. It is therefore essential in the IT field that when installing new systems, all passwords are reset. Owners should ensure that access is not blocked only after an intruder attempts 15 different passwords to access the system, but on the third attempt.
However, implementing security measures is a delicate exercise. The Blue 7 team must find the right balance when it comes to password protection and other security measures. Otherwise, the population of the island state may encounter difficulties accessing the island’s critical infrastructure and may complain. In Tallinn, the exercise team evaluates all of these elements for each of the 18 participating Blue teams. Victory in the Locked Shields 2024 exercise goes to the team that accumulates the most positives at the end.
Participants are delighted with the exercise structure. “This exercise strengthens our defense capability – and collaboration with other countries is a crucial factor in this,” says Lt. Col. Bastien of Blue Team 7.
“The exercise brings considerable added value”
Divisional Simon Müller, head of the army’s Cyber Command, visits Blue Team 7 in the Swiss Alps.Image: DDPS
Participation of heavyweights of Switzerland
Not only military personnel are taking part in the exercise, but also specialists from the federal administration and Swiss companies. “Companies can participate”says Frederik Besse, head of communications for the Swiss Army Cyber Command.
“This especially benefits operators of critical infrastructures”
This is the case of the old federal government. A team of cyber specialists is participating in the exercise to practice procedures and improve collaboration, said SBB, whose aim is to continually develop the cyber organization.
“In the event of incidents, close cooperation with the authorities and other partners is very important”
SIX Group, a Swiss stock exchange operator, is also participating in the exercise. “As a systemically important national financial infrastructure, we attach great importance to cyber defense,” insists Alain Bichsel, chief spokesperson. The Vaud cantonal police participate with its cyber investigations department:
“We are seeking to improve our cantonal intervention group in the event of a cyber attack”
The Post Office, the Zurich cantonal police and the Zurich University Hospital also sent delegations. The police aim to “consolidate procedures and processes in collaboration with partner organizations” within this framework. The university hospital, for its part, seeks to promote cooperation and exchanges “to face the threat of cybercrime”.
The overall exercise takes place against the backdrop of Russia’s war of aggression against Ukraine and Russian cyberattacks in Europe. This is confirmed by Mart Noorma, director of the CCDCoE in Tallinn, CH Media.
“We use the lessons learned from the defense of Ukraine to develop all the center’s products and services that we make available to NATO and our member states”
The “Locked Shields 2024” exercise would also be part of this.
