NATO Holds Annual Cyber Defense Exercise

← Back to Stories (view on slashdot.org)

NATO Holds Annual Cyber Defense Exercise

Posted by samzenpus on Sunday April 28, 2013 @03:02PM from the how-about-a-nice-game-of-chess? dept.

Bismillah writes about NATO's annual Locked Shields cyber defense exercises. "The Western European and North American mutual defence pact organisation NATO has concluded an annual cyber defence exercise, defending a fictitious network against incoming attacks. Called Locked Shields 2013, the exercise involved 250 people in eleven locations around Europe, under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (CCD-COE), the Finnish and Estonian Defence Forces and two government IT security organisations in the Baltic country."

41 comments

Min score:

Reason:

Sort:

And the winner is by Anonymous Coward · 2013-04-28 15:20 · Score: 0

who?
1. Re:And the winner is by Errol+backfiring · 2013-04-28 21:09 · Score: 1
  
  ARPAnet?
  
  --
  Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Team members ... by Kittenman · 2013-04-28 15:25 · Score: 2

FTFA ..."For two days the Red Team launched attacks against the Blue Teamsâ(TM) networks and they had to defend, report and keep their systems running. ...NATO's Blue Team were declared the winners of the this year's exercise."

Would have been better to have the 'red team' made up of a bunch of hardened cyber criminals. Crackers, if you like. This sort of thing smacks of testing being done by developers.

--
"The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
1. Re:Team members ... by cheater512 · 2013-04-28 16:00 · Score: 5, Interesting
  
  Would have been better if the Red Team was the entire world.
  They could announce the IP block they would be using to the world and anyone could throw anything they wanted at it with no fear of prosecution.
  The Blue Team would then actually have a real challenge on their hands.
2. Re:Team members ... by phantomfive · 2013-04-28 16:02 · Score: 2
  
  Sadly, your quote is about all the article says about what happened.
  
  For all we know, they were sitting there playing Core War all weekend. Which would be interesting, but perhaps not useful.
  
  --
  "First they came for the slanderers and i said nothing."
3. Re:Team members ... by Fluffeh · 2013-04-28 17:07 · Score: 1
  
  Would have been better if the Red Team was the entire world.
  They could announce the IP block they would be using to the world and anyone could throw anything they wanted at it with no fear of prosecution.
  The Blue Team would then actually have a real challenge on their hands.
  And how on earth are the good (Blue Team) guys going to win in this sort of scenario?
  The point of this whole setup is as much to say "Our defences are good. We have nothing to worry about" as it is to test for some abvious intrusion method or problem. If they run this in a test, then get hammered in a months time then they can say (with legitimacy hehe) "The ememy used a SOPHISTICATED! attack method..." which we were totally unprepared for.
  
  --
  Moved to http://soylentnews.org/. You are invited to join us too!
4. Re:Team members ... by cheater512 · 2013-04-28 17:15 · Score: 2
  
  "They bludgeoned us to death with blunt hammers"
  If the test is there to actually learn stuff (and not just to tick a box) then testing whether sensitive networks are safe kinda means you have to plug them in to the internet.
  If it isn't a internet connected network then the headline should be "Breaking News: Completely isolated network deemed inaccessible from the Internet"
5. Re:Team members ... by im_thatoneguy · 2013-04-28 20:04 · Score: 1
  
  I suspect what would happen is that there would be a DDOS attack on day one and the whole exercise would be pointless since the only thing compromised would be the internet gateways to those IPs.
6. Re:Team members ... by cheater512 · 2013-04-29 10:41 · Score: 1
  
  So....they failed.
  We can't have that can we?
Would have been better if... by Anonymous Coward · 2013-04-28 15:36 · Score: 1

Blue teams servers were on a private network not accessible to Red Team, then they'd be network professionals.
If there's no battlefield, there's no battle.
1. Re:Would have been better if... by hlavac · 2013-04-28 22:59 · Score: 4, Insightful
  
  Then some idiot brings a USB key he found on the parking lot :)
joshua by Joe_Dragon · 2013-04-28 16:02 · Score: 1

do you want to play a game?
Blue teams challenge.... by Anonymous Coward · 2013-04-28 16:08 · Score: 0

"Would have been better if the Red Team was the entire world....The Blue Team would then actually have a real challenge on their hands."
Blue team challenge is to unplug the router from the public network, not much of a challenge!
General: "We need to secure our network, how do we do it?"
Soldier: "Well, we could just pull this jack here, the one connecting our critical systems to the public network the enemy are using!"
General: "Will it stop me surfing FB on my security PC?"
Soldier: "Very much so"
General: "Then the terrorists have won! Come up with another solution!"
IMHO, the call it Cyber DEFENSE games, but its really Cyber OFFENSE games. To defend is really simply, its you that provide the network infrastructure connecting (exposing) your systems to public networks. So you don't connect any critical to the public network. Really they're hoping everyone else is incompetent but themselves, with exposed critical systems to attack.
1. Re:Blue teams challenge.... by Gogo0 · 2013-04-28 19:28 · Score: 4, Interesting
  
  these things are usually conducted either from a valid account (lowest-level guest privs) or only physical access to a network asset -both from within the network boundary. there are plenty of outside attempts every day to determine if current boundary defenses are robust enough to keep out those who are trying to get in (not to say it couldnt be better).
  
  the point of these is indeed to test defenses, as there are people with teams (to varying degrees of effectiveness) assigned to every military network solely to defend their network through internal culture, device hardening, regular auditing, and other such preventative measures. the Red Teams are very few in number and most i've encountered have a high level of skill in their particular area and are good at weeding out even small but dangerous deficiencies.
  
  typically a red team exercise is also a secret to the target, so there is no opportunity to unplug the router until various monitoring systems detect something scary enough to make you want to do that. i dont like the idea of it being a known event, i've seen plenty of units "prepare" for a planned network security inspection by hiding things or patching deficiencies enough to hold them until after the inspection team has left. yes, people unplug stuff so the inspection team doesnt see it, its quite possible the same thing happens during this highly-publicized (and thus highly-political) NATO exercise, but that depends on the vigilance of those in charge of the information security program and the quality of their boss and their boss's boss (etc), many of whom would not risk a black eye for something as silly as network security (typically something that only receives focus when there is an exercise such as this).
The best form of defence is a good offence by OhANameWhatName · 2013-04-28 16:21 · Score: 5, Funny

defending a fictitious network against incoming attacks
I bet the network was named:

Computer
Hookup
Imitating
Network
Attacks

:)
1. Re:The best form of defence is a good offence by freezin+fat+guy · 2013-04-29 02:04 · Score: 1
  
  that or
  Intelligence
  Seeking
  Root
  Access
  Extraction
  Line
Cyber Defense Exercises by Anonymous Coward · 2013-04-28 17:05 · Score: 1

1) Ethernet Jacks
2) 50 Yard Dashboard
3) Calves and Quadricores
4) Weights and Load Balancing
5) Integrated Circuit Training
Good Initiatives by khalil5172 · 2013-04-28 17:30 · Score: 0

In recent, cyber crime is growing rapidly as a result a huge number of web site and web resource come under thread. I expect the initiative that are taken by NATO and Europe will be succeed to defend such crime effectively. http://www.chatobstewart.com/
1. Re:Good Initiatives by Anonymous Coward · 2013-04-29 06:57 · Score: 0
  
  i think you are drinking the kool aid, friend. 'cyber crime' is their cover for an attempt to put an end to free discussion among ordinary people.
"the Baltic country"? by Anonymous Coward · 2013-04-28 17:57 · Score: 0

This is what happens when some two-bit blog summarizes a story without bothering to make sure it makes sense. Finland and Estonia would be - two separate Baltic countries.
Any bets which one TFS/TFA means?
1. Re:"the Baltic country"? by Anonymous Coward · 2013-04-28 20:51 · Score: 0
  
  Except Finland is not a Baltic country (even though according to wikipedia, it was included the time between world wars), though that "and two government IT security organisations in the Baltic country." sentence is a bit weird. Digging through the links, i found this "in cooperation with Estonian Defence Forces, Estonian Cyber Defence League, Estonian Information Systems' Authority, Finnish Defence Forces and many other partners". So apparently there were to organisations from Estonia, don't know if both are government organisations though.
A hackathon? by AtomicSymphonic · 2013-04-28 18:21 · Score: 1

So this is essentially a hackathon? Please, correct me if I am wrong...
1. Re:A hackathon? by hene · 2013-04-28 19:52 · Score: 1
  
  No! It was coordinated exercise. Like NATO newer publicly admitted if red team had won.
2. Re:A hackathon? by Anonymous Coward · 2013-04-29 02:14 · Score: 0
  
  That appears to be a typo. I get your meaning to be that NATO would have not publicly admitted if the 'enemy' won.
  It is untrue. There have been several occasions within the US military, joint operations, and NATO where the opfor (opposing force) won, The exercises are not a political or propaganda statements. They are held to learn something.
  The latest 'failure' was some American navy vessels unable to defend against multiple small gunboats. An opfor commander saw a hole, exploited it, and it worked. Later that weakness was rectified after thorough analysis. If anything this event could have been a disappointment if the red team did not pose a major challenge.
Re:Your tax dollars at waste by Anonymous Coward · 2013-04-28 22:34 · Score: 0

We already know about vulnerabilities in military systems - whistleblowers point them out all the time and then the get sued for 'espionage' by the fucking government because ass rape contractor one doesnt want their precious 500 million dollar project to go down the shitter and their 'reputation in the security community' to get unduly tarnished to the extent they can no longer be payed $500,000 grand a year to sit on the board of some circle jerk fucking pseudo-think-tank and butt rape our nation into fucking poverty with their alarmist whorish bullshit PR campaigns. Example Number Fucking One - the Chertoff group - thats right kids. The guys who fucked up 9/11, Katrina, etc, can now be payed millions of dollars to slap their dicks across our collective faces over and over and jizz the press with bullshit and pay off their friends in the government to non-regulate them, classify everything they do as top secret, and otherwise put their penis-tentacles into your pockets, open your wallet, and destroy the future of your children.
This is the penultimate description of the American Dream.
Did you read by Anonymous Coward · 2013-04-29 00:26 · Score: 0

Fictious network defense, no not even a hackathon. Another attempt to justify their network being on the internet. I still say, if its hooked to the network, if it's hooked to the internet, its hackable by the poorest of nations, even people.Even poor peoople, that you are trying to kill. But then even to commit the crimes those people admit too, So would you say, this is an attempt too "get" a security contractor some money? Was Darpanet too full of itself, had a contact to trace, or another contractor to award money too.
Re:Your tax dollars at waste by Korruptionen · 2013-04-29 00:35 · Score: 1

Dan Dreiberg: What happened to us? What happened to the American Dream?
Edward Blake: "What happened to the American Dream?" It came true! You're lookin' at it...
Re:Your tax dollars at waste by LordNelsonthe2nd · 2013-04-29 01:39 · Score: 1

You mean an average of two "fuck" per sentence, or did the post contain more than that? It seems that word has substantial meaning to the poster ;)
Re:Magic missile. by zlives · 2013-04-29 06:22 · Score: 1

though not related, it did make me laugh, also grey eyes
Re:Your tax dollars at waste by Anonymous Coward · 2013-04-29 07:05 · Score: 0

please hold the language a bit, amigo. most people here see eye to eye with you, but your mode of expression alienates folks who are still outside the choir. we have the truth and it will prevail if we keep pushing, calmly.
Blue team wins by manu0601 · 2013-04-29 14:42 · Score: 1

The blue team win. I am surprised that network can be secured against determined state-sponsored attacker. I suspect red team did not try very hard.