ForPublicUse
1
BalticCyberShieldCyberDefenceExercise2010
AfterActionReport
ExecutiveSummary
BalticCyberShield(BCS) is an internationaltechnicalcyberdefenceexercise (CDX). It was first time
executedinMay2010althoughaproofofconceptexerciseconductedin2008precededtheevent.
The exercise was organized in collaboration with several organisations coordinated by Cooperative
CyberDefenceCentreofExcellence(CCDCOE)and
SwedishNationalDefenceCollege(SNDC).Besides
CCDCOE and SNDC the main contributors were Swedish Defence Research Agency (FOI), Estonian
CyberDefenceLeague(ECDL),SwedishCivilContingenciesAgency(MSB),SwedishNationalDefence
Radio Establishment (FRA), NATO Communication and Information Systems Services Agency
ComputerIncidentResponseCapability‐TechnicalCentre(NCSANCIRC‐TC),
andClarifiedNetworks.
DuringtheexercisesixBlueTeams,composedofpublic,privatesector,andacademicpersonnelhad
todefendvirtualcomputernetworksagainsthostileRedTeamattacks.Thegamescenariodescribed
avolatilegeopoliticalenvironmentinwhichanewly hiredteamofcybersecurityexpertswas asked
to defend the
IT systems of a power generation company in the face of increasingly sophisticated
attacksby agroupof hackers. TheBlue Teams werecompeting with eachother and theiractivities
weremeasuredbyautomaticandmanualscoring.
Theexercisewasperceivedasagreatsuccessbyalltheparticipants,especially
bytheBlueTeams.An
overallobjective of theexercisewastogatherlessonsidentifiedforthefuture,somethingthatwas
fulfilled and is reflected in the following. The purpose of this report is to identify what the lessons
identified–latertobelearned–werefromplanningandexecuting
theBalticCyberShieldexercise.
