
NATO cyberwar games show the U.S. needs more practice

The NATO Locked Shields cyberwar games had the U.S. team winning most improved, but experts say the U.S. still needs more practice.

The U.S. team was named most improved in this year's NATO Locked Shields cyberwar games, but experts said that result might not be reason to celebrate.

The Locked Shields event is a "live-fire" cyberdefense exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence in which teams are "tasked to maintain the services and networks of a military air base of a fictional country, which, according to the exercise scenario, will experience severe attacks on its electric power grid system, unmanned aerial vehicles, military command and control systems, critical information infrastructure components and other operational infrastructure."

During the cyberwar games, there were more than 2,500 possible attacks that could be carried out against more than 3,000 virtualized systems meant to simulate military air command and control systems, drone and ground control, a large-scale SCADA system controlling the power grid and programmable logic controllers.

Nathaniel Gleicher, head of cybersecurity strategy at Illumio and former director of cybersecurity policy for the White House, said this type of cyberwar practice is "essential to effective cybersecurity."

"Exercises like this are an important way that security teams can build experience for real threats. The Locked Shields war game is interesting in that it focuses entirely on defense: teams compete to protect their networks, with third parties playing the intruders," Gleicher told SearchSecurity. "This is an especially useful form of wargame -- defense is much more difficult than offense, and any opportunity our teams get to improve their skills in defense is a great opportunity."

John Bambenek, threat research manager at Fidelis Cybersecurity, said it was especially important for the cyberwar games to be "live-fire."

"Defenders learn best in a live-fire environment. When the 'red team' can simulate what adversarial nations are doing, that's even better," Bambenek told SearchSecurity. "Tabletop exercises can only take learning so far. Operators need valuable experience, and they need to do so under fire."

NATO Locked Shields results

The U.S. Army Cyber Brigade represented one of 25 countries competing in the Locked Shields 2017 cyberwar games and finished 12th, a marked improvement from the 2016 event, where the U.S. placed last out of 19 participating countries.

However, Bambenek said "given the threats we face as a nation, we simply can't accept anything less than number one."

"That said, the improvement from last place to the middle of the pack shows an increase in capability. It also shows that they are learning. That's exactly the point of these exercises," Bambenek said, noting that enterprises should take a lesson from the games. "Training, particularly hands-on training, is crucial for the continued improvement and development of defenders. Enterprises should set aside funds to participate in third-party exercises so their team can practice. Always use events within an organization as training. Successful, yet minor, breaches should not resort in blamestorming sessions. Instead, they should be used to help defenders improve."

Gleicher said the U.S. team's results offer an important lesson -- "everyone struggles with defense."

"To be honest, the cards are stacked against defenders from the beginning. The teams are placed in an unfamiliar environment to make life more difficult for them, but the truth is that most defenders are operating in an unfamiliar environment anyway because most organizations understand surprisingly little about the applications that they are protecting," Gleicher said. "If there's any lesson from this exercise and others like it, it's that we need to substantially increase our ability to understand and control the environments we are protecting."
