Sweden ranks highest in the world’s major cyber defence exercise

On 13-15 April, the cyber defence exercise Locked Shields 2021 was held, with 22 participants from 22 different countries. The Swedish Armed Forces participated with the Swedish Police, the Swedish Security Service and the Swedish Civil Contingencies Agency and this team performed the best.

Circut boards mounted on a screen.
Sweden was the best cyber defender in the Locked Shields exercise 2021. Photo: CCDCOE

“We have shown that cooperation is a factor for success and that we can face IT attacks jointly in a complex environment. In addition, Sweden’s joint cyber defence capability has been considerably enhanced”, says Jan Fernquist, cyber analyst at the Swedish Armed Forces and project manager of the Swedish team.

The Swedish performance was carried out in a Covid-secure way, with personnel scattered in Enköping, Örebro, in Sörentorp and Kungsholmen in Stockholm. An additional number of participants took part in the exercise at home, at a distance. The first round of conscript cyber soldiers also participated in the exercise. They were able to cooperate with professional cyber defenders from the four organisations. In this way, they were able to employ their newly acquired skills.

“All organisations were impressed by the soldiers’ ability to gain an understanding of complex matters, and they contributed a great deal to the excellent outcome”, says Jan Fernquist.

The Locked Shields exercise is organised by NATO CCDCOE (Cooperative Cyber Defence Centre of Excellence) in Tallinn. This year, the 22 participating blue teams were to defend 5 000 virtual systems that were exposed to more than 4 000 attacks from a red team, consisting of 90 individuals. The scenario was to assist the fictitious country of Berylia, which is exposed to massive cyber-attacks, and the competing teams were assigned the tasks of safeguarding networks and vital services.

“The systems were a bit strange, full of spam, since the opponents had already been there, leaving a lot of malware in the web”, says Jan Fernquist.

The systems consisted of regular business systems but also SCADA systems, mobile networks, air defence systems and a satellite. The complexity of the environment is considerable. An important task in the exercise was to report deficiencies found and measures taken.

“Except for the technical game itself, there was also a forensic feature, including the analysis of computers and USB memories, a legal feature with tricky questions on international law and various juridical matters, as well as a media game, in which a journalist asked questions about the incidents”, says Jan Fernquist.