Locked Shields 2014 After Action Report
Executive Summary
Locked Shields (LS) 2014 was a technical cyber defence exercise conducted on
May 20-24, 2014. The game-based scenario placed the teams in a fictional
country of Berylia which fell under increasing cyber attacks. The real-time
network defence exercise was built up as a competitive game in which the
defending teams were scored based on their performance.
LS14 was organised in cooperation with the NATO Cooperative Cyber Defence
Centre of Excellence, Estonian Defence Forces, the Estonian Information
Systems Authority, the Estonian Cyber Defence League, Finnish Defence Forces
and many other partners.
Twelve Blue Teams consisting of up to 16 members were tasked to protect pre-
built networks of fictional organizations against Red Teams’ attacks; handle the
incidents and share the findings with the White Team and other Blue Teams;
respond to legal, media and scenario injects; and solve forensic challenges. The
teams were participating from their home countries; exercise control was
located in Tallinn, Estonia.
Main Findings
The network the Blue Teams had to defend was larger than in previous years
and consisted of 50 virtual machines per team. It was the first LS where the
technical environment had full IPv6 support, which was implemented in dual-
stack configuration. The training audience was also challenged with
technologies with which many were not very familiar - FreeBSD based pfSense
firewalls, Voice-over-IP infrastructure built on Cisco Unified Communications
Manager, IP cameras and Android VMs.
