The Value of Cyber Defence Exercises

Purpose and objectives
The aim is to improve information assurance in critical infrastructure by:
▪ Better understanding between technology and policy
▪ Insight into exercise methodology
▪ Taking advantage of acquired knowledge
▪ Providing a basis for improving one's own operations
Cyber Defense Exercises: a way of building trust
Security is all about trust.
Trust between people is fundamental for any cooperation, national or international.
An efficient way of building trust is to participate in exercises.
Organization and colored teams
▪ Red Team (RT): plays the adversary
▪ Blue Teams (BT): defenders of an ICT deployment (BT systems)
▪ White Team (WT): exercise control, injects, user simulation, scoring
▪ Green Team (GT): master of the infrastructure and BT systems
▪ Yellow Team (YT): situational awareness, information-sharing channels
Exercise Characteristics
(Radar chart: exercises are characterised along the axes WT, RT, Scenario, GT, BT and Diversity)
Table-top exercise
(Radar chart along the same axes: WT, RT, Scenario, GT, BT, Diversity)
▪ BT playing different roles
▪ RT almost non-existent
▪ Driven by the scenario
▪ GT: communication
▪ Roleplay by WT
Pure Technical CDX
(Radar chart along the same axes: WT, RT, Scenario, GT, BT, Diversity)
▪ BT playing the same role
▪ Not depending on the scenario
▪ RT provides fair pressure
▪ WT more to supervise
▪ GT provides a challenging environment
Concept
Technical Blue/Red Team
▪ 1 Red Team vs 20 Blue Teams
▪ 3.5 days, each day = 8 hours for the training audience
  Day 0 for preparations
  Day 1 & Day 2 for the action
  Day 3 for hot wash-up
▪ Game: teams in fictional roles, lab networks
▪ Almost unknown environment
▪ Friendly competition
▪ Defence is the focus of training
Real-life simulation
Locked Shields characteristics
(Radar chart along the same axes: WT, RT, Scenario, GT, BT, Diversity)
▪ BT still playing the same role
▪ The scenario drives RT objectives
▪ The scenario is also a base for injects (scenario, media, legal, forensic)
▪ The same injects go to all
CRATE - Cyber Range And Training Environment
The Swedish Defence Research Agency (FOI) develops and maintains a Cyber Range And Training Environment (CRATE). CRATE makes it possible to smoothly deploy and configure a large number (thousands) of virtual machines in a controlled environment. CRATE is also equipped with host-based traffic generators emulating user behaviour and tools for logging and monitoring the environment. This lab resource is used to create computer networks for use during experiments, competitions and exercises in cyber security.
2017-07-13
The Handbook
▪ Handbook for planning, running and evaluating information technology and cyber security exercises
▪ Based on the Swedish Civil Contingencies Agency (MSB) exercise handbook
▪ Focusing on IT and Cyber Defense exercises (CDX)
▪ ISBN 978-91-86137-36-6
▪ www.fhs.se/cats (pdf)
Some reflections
▪ Working under pressure together with other people to solve a problem in a safe environment enhances the trust-building process.
▪ Trust is fundamental for successful cooperation between parties.
▪ Running a CDX is challenging; start with simple technical or table-top exercises.
▪ To build trust, a pure technical exercise with mixed teams and high pressure from RT is good enough.
▪ Don't underestimate the effort needed.