JPCERT/CC participated in Locked Shields 2021
JPCERT/CC participated in the cyber exercise “Locked Shields”, organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), from 13 to 16 April 2021. We joined as a member of Japan's Blue Team. This article describes how JPCERT/CC and other members participated in Locked Shields, its objectives, the value of the exercise, and challenges.
What is “Locked Shields”?
Locked Shields is the largest and most complex international live-fire cyber exercise in the world. It has been organized by the NATO CCDCOE since 2010 and takes place annually. In 2021, the exercise took place from 13 to 16 April with 22 Blue Teams, including the Japan-US team. The 2021 exercise highlighted the need for cyber defenders and decision-makers to understand the numerous inter-dependencies between IT systems. This increases the understanding of the impact of sustained and severe cyber-attacks on a society and demonstrates the importance of international cooperation.
Participating nations played the exercise scenario remotely on CCDCOE's virtualized and networked systems. The annual real-time network defense exercise was carried out using its sophisticated system and network management.
The exercise is unique in combining technical and non-technical challenges. The technical exercise tested the Blue Teams' ability to protect vital services and critical infrastructure under the pressure of a severe cyber-attack. In the non-technical challenges, Blue Teams are tasked, in the context of a cyber security incident, with determining and advising on a range of issues such as effective incident reporting, potential legal implications, and simulated media interviews.
Another feature of the exercise is the broad participation of nations and partners of CCDCOE. Locked Shields 2021 organizers also invited industry partners who have extensive hands-on experience with specific systems including industrial control systems, communication systems, cybersecurity, software, finance, and space.
Blue Team and JPCERT/CC
Locked Shields is a Red Team (attacker) vs. Blue Teams (defenders) exercise with the Red Team formed by organizers and Blue Teams by participating nations. The Exercise involves about 5000 virtualized systems that are subject to more than 4000 attacks. In addition to securing complex IT systems, the Blue Teams must also be effective in reporting incidents, making and solving forensic, legal, media and information operations challenges.
There were 22 Blue Teams participating in Locked Shields 2021, and this was the first time Japan participated in the exercise. Japan and the United States Indo-Pacific Command (USINDOPACOM) formed a Blue Team in the exercise. The Japanese side of the team consisted of members from the Ministry of Defense, Self Defense Forces, National center of Incident readiness and Strategy for Cybersecurity (NISC), Ministry of Internal Affairs and Communications, JPCERT/CC, Information-technology Promotion Agency (IPA), and critical infrastructure operators. Members of the team were tasked with maintaining complex IT systems during cyber security incidents.
Value of Cyber Exercise
Locked Shields is a valuable opportunity for Japan as an international cooperative exercise. Societies have become more dependent on virtual solutions to ensure continuity of societal functions, amid an increasing number of various cyber-attacks. The exercise therefore provided a valuable opportunity to practice cooperation between governments and the private sector.
The exercise helped cyber defenders and decision-makers to realize the criticality of coordination mechanisms in protecting a nation by understanding the numerous interdependencies of IT systems. It also highlighted not only critical infrastructure operating 24/7, but also evolving technologies such as deepfakes.
Improving Incident Response and Decision Making
A remaining challenge is improving our incident response at all levels, including technical experts, policy makers, and decision makers. Locked Shields enabled participating nations to practice the entire chain of command in the event of a severe cyber security incident through various tasks of information collection and reporting, technical and legal analysis, and decision-making within limited resources and time. We believe it is necessary for Japan and its government to consider conducting such exercises as future options to achieve better incident response.
Experts are required to explain complex situations to decision makers effectively. Incident response for a large-scale cyber-attack needs cooperation between government and the private sector, based on strategic decision making for coordinated countermeasures. It requires effective reporting with a concise and clear analysis of the situation from technology, legal, and policy perspectives. Moreover, a decision maker needs to understand the interdependency of IT systems and the impact and consequences of a severe cyber-attack.
The Locked Shields experience reminds us of the criticality of decision making, while some exercises are mainly focused on information sharing. The extensive exercise will test the ability for coordinated response, information collection, chain of command, and decision-making under time and resource constraints, and reveal our next challenges. The remotely organized exercise enabled Japanese and U.S. experts not only to enhance our capability, but also to deepen our close relationship.
- Dai Mochinaga