This year Finland took first place in one of the largest and most complex live cyber defense exercises in the world, and certainly NATO's most important, held in Tallinn from 19 to 22 April.
As always, the exercise was built around a fictional scenario, set in an island state called "Berylia".
In the scenario, Berylia comes under attack on its military and civilian networks and systems, including its main critical infrastructure (water, electricity, banks ...), and the allied Blue Teams are called in to help.
With around 5500 virtual systems (simulating Berylia's networks and systems) and more than 8000 cyber attacks in just over three days, that is no easy task.
The exercise is not purely technical. The strategic level (political, legal and financial) was also taken into account, pushing participants to make decisions quickly in a highly complex environment.
It is in this context that the Finnish team showed its superiority.
The joint Lithuania-Poland team ranked immediately behind Finland, while third place went to the Estonia-Georgia team.
Organized by the Cooperative Cyber Defense Center of Excellence (CCDCOE) in collaboration with NATO, Siemens, TalTech, Clarified Security, Arctic Security and CR14, the exercise saw 24 teams (about two thousand experts from 32 different nations) take part as defenders (Blue Teams). Participants also included experts from Ukraine.
With these figures, which give a sense of the scale of the exercise, some considerations are in order.
The first thing you notice is the absence, from the top of the ranking, of countries such as the United States, the UK and France, in favor of smaller countries in northern Europe, linked in joint teams.
Whether this reflects different policies among States in choosing their participants, or in some way the actual level of the participating nations, remains to be demonstrated. It is, after all, still an exercise which, however realistic it may be, can reveal only partially how prepared a State really is to face a cyber crisis.
Secondly, it is interesting to note the little publicity around the results of the exercise and its more technical aspects. This shows, in my opinion, a certain tendency to spread this kind of knowledge only within a small circle of people.
This can be interpreted in different ways.
At first glance, one might think that the organization (NATO CCDCOE) considers the data and information collected during the exercise to be sensitive and shares them only with the participating countries. This line of thinking seems to be confirmed by the fact that the technical information from the exercises of the past few years is still little known.
However, it seems questionable, to say the least, not to disseminate the results and analyses from the exercise.
In my opinion, a wide diffusion of the problems encountered and the methods used to deal with them is the basis of every military exercise and serves exactly to evolve the organization as a whole.
Finally, one wonders how realistic the exercise is.
Since this is an international defensive exercise, the teams involved clearly must operate on the networks, systems and platforms of a hypothetical Alliance country, Berylia in this specific case.
To do this, all teams need information on the systems to be protected, which in a real case is difficult to obtain.
No country that aspires to maintain a minimum of national autonomy over the security of its systems would want to make the weaknesses of its systems and platforms available to another country (allied or not).
Photos: NATO CCDCOE