2010-05-17 21:55 Experiences from the Baltic Cybershield Exercise
Picture: A screenshot from Swedish mainstream
television. Mikael Wedin explains the live events of the
game using the Clarified's topology view running in
We got the opportunity to participate in the Baltic Cybershield Exercise on 10-11.5.2010:
Tallinn – 3 May, 2010. An International Cyber Defence Exercise on 10-11 May the Baltic Cyber Shield will give its participants a practical hands-on experience in defending computer networks. The event is jointly organised by the Cooperative Cyber Defence Centre of Excellence and several Swedish governmental institutions.
Needless to say, it was a blast. Our main objective was to bring the event closer to the media, observers and visitors through visualizations. Our secondary objective was to facilitate the communication between teams and observers, using CollabHosting services. The primary objective was a success, in the sense that the visualizations also showed up in the mainstream media, such as Swedish TV. The communication services also worked fine. So, even though there is always room for improvement (if only there were unlimited time), we are happy.
In the middle of the fun, we had our share of sweating. We were overwhelmed by the number of users tapping into a single recording server. Luckily our partners at FOI were prepared, and they quickly added more recording resources as the game activity started to increase significantly. As every proper exercise has to include incidents, as dictated by Murphy's law, we got a nice crisis situation simulation ourselves. For example, despite the clean shutdown, one maintenance task left the RAID array on the recording server's disks in an inconsistent state, causing an imminent rebuild of the RAID array and killing half of the IO on that specific server. All this time our team was able to keep the services responsive to the different defending teams; the biggest impact was on the services for the green team, who were observing all the traffic. So a big hand for the people at FOI and our own team. All in all, with some intensive care, the visualizations served their purpose: providing a communication tool for people observing the event.
We had 3 basic visualizations:
- Earth View, presenting real internet traffic, mainly showing connections from the participant countries to the Swedish virtual gaming environment.
- Fake Earth view, where the different private address spaces of the different blue teams were mapped to certain countries.
- Topology view, which documented the networks of the different blue teams (the defenders), the red team (attackers) and the green team (generic gaming infra).
I'm not sure I can say specific names here, so I would like to express my respect to all the people who worked hard (long days and weekends) to make the exercise happen. You made an exercise which seems to be extremely rare in its level of practicality. Thanks also to Mika, Mikko and Marko for a good job under simulated chaos.
-- jani 2010-05-17 19:23:58