Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NATO Holds Annual Cyber Defense Exercise

samzenpus posted about a year ago | from the how-about-a-nice-game-of-chess? dept.

The Military 41

Bismillah writes about NATO's annual Locked Shields cyber defense exercises. "The Western European and North American mutual defence pact organisation NATO has concluded an annual cyber defence exercise, defending a fictitious network against incoming attacks. Called Locked Shields 2013, the exercise involved 250 people in eleven locations around Europe, under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (CCD-COE), the Finnish and Estonian Defence Forces and two government IT security organisations in the Baltic country."

cancel ×

41 comments

Sorry! There are no comments related to the filter you selected.

Red Hat Down (-1)

Anonymous Coward | about a year ago | (#43577983)

We have a Red Hat Down.

Roger that... We have a penguin down in the city.

And the winner is (0)

Anonymous Coward | about a year ago | (#43577985)

who?

Re:And the winner is (1)

Errol backfiring (1280012) | about a year ago | (#43579007)

ARPAnet?

Team members ... (2)

Kittenman (971447) | about a year ago | (#43578007)

FTFA ..."For two days the Red Team launched attacks against the Blue Teamsâ(TM) networks and they had to defend, report and keep their systems running. ...NATO's Blue Team were declared the winners of the this year's exercise."

Would have been better to have the 'red team' made up of a bunch of hardened cyber criminals. Crackers, if you like. This sort of thing smacks of testing being done by developers.

Would have been better if... (1)

Anonymous Coward | about a year ago | (#43578063)

Blue teams servers were on a private network not accessible to Red Team, then they'd be network professionals.

If there's no battlefield, there's no battle.

Re:Would have been better if... (4, Insightful)

hlavac (914630) | about a year ago | (#43579307)

Then some idiot brings a USB key he found on the parking lot :)

Re:Team members ... (5, Interesting)

cheater512 (783349) | about a year ago | (#43578125)

Would have been better if the Red Team was the entire world.

They could announce the IP block they would be using to the world and anyone could throw anything they wanted at it with no fear of prosecution.
The Blue Team would then actually have a real challenge on their hands.

Blue teams challenge.... (0)

Anonymous Coward | about a year ago | (#43578163)

"Would have been better if the Red Team was the entire world....The Blue Team would then actually have a real challenge on their hands."

Blue team challenge is to unplug the router from the public network, not much of a challenge!
General: "We need to secure our network, how do we do it?"
Soldier: "Well, we could just pull this jack here, the one connecting our critical systems to the public network the enemy are using!"
General: "Will it stop me surfing FB on my security PC?"
Soldier: "Very much so"
General: "Then the terrorists have won! Come up with another solution!"

IMHO, the call it Cyber DEFENSE games, but its really Cyber OFFENSE games. To defend is really simply, its you that provide the network infrastructure connecting (exposing) your systems to public networks. So you don't connect any critical to the public network. Really they're hoping everyone else is incompetent but themselves, with exposed critical systems to attack.

Re:Blue teams challenge.... (4, Interesting)

Gogo0 (877020) | about a year ago | (#43578731)

these things are usually conducted either from a valid account (lowest-level guest privs) or only physical access to a network asset -both from within the network boundary. there are plenty of outside attempts every day to determine if current boundary defenses are robust enough to keep out those who are trying to get in (not to say it couldnt be better).

the point of these is indeed to test defenses, as there are people with teams (to varying degrees of effectiveness) assigned to every military network solely to defend their network through internal culture, device hardening, regular auditing, and other such preventative measures. the Red Teams are very few in number and most i've encountered have a high level of skill in their particular area and are good at weeding out even small but dangerous deficiencies.

typically a red team exercise is also a secret to the target, so there is no opportunity to unplug the router until various monitoring systems detect something scary enough to make you want to do that. i dont like the idea of it being a known event, i've seen plenty of units "prepare" for a planned network security inspection by hiding things or patching deficiencies enough to hold them until after the inspection team has left. yes, people unplug stuff so the inspection team doesnt see it, its quite possible the same thing happens during this highly-publicized (and thus highly-political) NATO exercise, but that depends on the vigilance of those in charge of the information security program and the quality of their boss and their boss's boss (etc), many of whom would not risk a black eye for something as silly as network security (typically something that only receives focus when there is an exercise such as this).

Re:Team members ... (1)

Fluffeh (1273756) | about a year ago | (#43578349)

Would have been better if the Red Team was the entire world.

They could announce the IP block they would be using to the world and anyone could throw anything they wanted at it with no fear of prosecution.
The Blue Team would then actually have a real challenge on their hands.

And how on earth are the good (Blue Team) guys going to win in this sort of scenario?

The point of this whole setup is as much to say "Our defences are good. We have nothing to worry about" as it is to test for some abvious intrusion method or problem. If they run this in a test, then get hammered in a months time then they can say (with legitimacy hehe) "The ememy used a SOPHISTICATED! attack method..." which we were totally unprepared for.

Re:Team members ... (2)

cheater512 (783349) | about a year ago | (#43578371)

"They bludgeoned us to death with blunt hammers"

If the test is there to actually learn stuff (and not just to tick a box) then testing whether sensitive networks are safe kinda means you have to plug them in to the internet.

If it isn't a internet connected network then the headline should be "Breaking News: Completely isolated network deemed inaccessible from the Internet"

Re:Team members ... (1)

im_thatoneguy (819432) | about a year ago | (#43578841)

I suspect what would happen is that there would be a DDOS attack on day one and the whole exercise would be pointless since the only thing compromised would be the internet gateways to those IPs.

Re:Team members ... (1)

cheater512 (783349) | about a year ago | (#43585697)

So....they failed.

We can't have that can we?

Re:Team members ... (2)

phantomfive (622387) | about a year ago | (#43578133)

Sadly, your quote is about all the article says about what happened.

For all we know, they were sitting there playing Core War all weekend. Which would be interesting, but perhaps not useful.

Magic missile. (0)

Alex Belits (437) | about a year ago | (#43578009)

To attack the darkness.

Re:Magic missile. (-1)

Anonymous Coward | about a year ago | (#43578275)

Your post doesn't make sense. Can you explain it?

Re:Magic missile. (1)

zlives (2009072) | about a year ago | (#43583157)

though not related, it did make me laugh, also grey eyes

joshua (1)

Joe_Dragon (2206452) | about a year ago | (#43578131)

do you want to play a game?

The best form of defence is a good offence (5, Funny)

OhANameWhatName (2688401) | about a year ago | (#43578221)

defending a fictitious network against incoming attacks

I bet the network was named:

Computer
Hookup
Imitating
Network
Attacks

:)

Re:The best form of defence is a good offence (-1)

Anonymous Coward | about a year ago | (#43578959)

I cant see what you did there my eyes are too slanted

Re:The best form of defence is a good offence (1)

freezin fat guy (713417) | about a year ago | (#43580317)

that or

Intelligence
Seeking
Root
Access
Extraction
Line

Look at me I'm just a taxi cab driver (-1)

Anonymous Coward | about a year ago | (#43578249)

These exercises are just an empty show of force to make it look like they are doing something. Humans are too slow to respond to any well engineered attack, they'd be off better running Norton 360.

Cyber Defense Exercises (1)

Anonymous Coward | about a year ago | (#43578343)

1) Ethernet Jacks
2) 50 Yard Dashboard
3) Calves and Quadricores
4) Weights and Load Balancing
5) Integrated Circuit Training

what a laugh (-1)

Anonymous Coward | about a year ago | (#43578345)

the u.s. 'military' and its appendages, what a laugh. their main problem is that no one with any competence wants to work for them. NSA was the last gasp, with SELinux. The latter tried somewhat reasonably to get control of the Cyber Command or whatever it's called, but the Pentagon got it, mainly so the lifers cd keep shoveling cash to and getting kickbacks from redmond and its 'ya'll come' virus (the one that invites all the other viruses onto yr hardware).

sorry, sorry b*tards. they haven't won a war since we allowed them to finish off the citizens' army.

Re:what a laugh (-1)

Anonymous Coward | about a year ago | (#43578411)

That hacker chick from Transformers. Rachael Taylor. Ya, she gave me a blow job last night. I just handed her the fucking keys. It never felt so good to lose.

what a laugh (-1)

Anonymous Coward | about a year ago | (#43578391)

the problem with the u.s. 'military' and its appendages is that no one with any competence wants to work for them. their last gasp in cyberspace was NSA's SELinux project. the latter tried somewhat reasonably to get control of the Cyber Command or whatever it's called, but the pentagon got it so the a*-licking lifers there cd keep shoveling money to and getting kickbacks from the people with the "ya'll come" virus (the one that gets into yr hardware and invites all the others in).

the poor excuses haven't won a war since they finished destroying the citizens' army.

Good Initiatives (0)

khalil5172 (1901296) | about a year ago | (#43578415)

In recent, cyber crime is growing rapidly as a result a huge number of web site and web resource come under thread. I expect the initiative that are taken by NATO and Europe will be succeed to defend such crime effectively. http://www.chatobstewart.com/ [chatobstewart.com]

Re:Good Initiatives (0)

Anonymous Coward | about a year ago | (#43583641)

i think you are drinking the kool aid, friend. 'cyber crime' is their cover for an attempt to put an end to free discussion among ordinary people.

"the Baltic country"? (0)

Anonymous Coward | about a year ago | (#43578481)

This is what happens when some two-bit blog summarizes a story without bothering to make sure it makes sense. Finland and Estonia would be - two separate Baltic countries.

Any bets which one TFS/TFA means?

Re:"the Baltic country"? (0)

Anonymous Coward | about a year ago | (#43578957)

Except Finland is not a Baltic country (even though according to wikipedia, it was included the time between world wars), though that "and two government IT security organisations in the Baltic country." sentence is a bit weird. Digging through the links, i found this "in cooperation with Estonian Defence Forces, Estonian Cyber Defence League, Estonian Information Systems' Authority, Finnish Defence Forces and many other partners". So apparently there were to organisations from Estonia, don't know if both are government organisations though.

A hackathon? (1)

AtomicSymphonic (2570041) | about a year ago | (#43578533)

So this is essentially a hackathon? Please, correct me if I am wrong...

Re:A hackathon? (1)

hene (866198) | about a year ago | (#43578809)

No! It was coordinated exercise. Like NATO newer publicly admitted if red team had won.

Re:A hackathon? (0)

Anonymous Coward | about a year ago | (#43580389)

That appears to be a typo. I get your meaning to be that NATO would have not publicly admitted if the 'enemy' won.

It is untrue. There have been several occasions within the US military, joint operations, and NATO where the opfor (opposing force) won, The exercises are not a political or propaganda statements. They are held to learn something.

The latest 'failure' was some American navy vessels unable to defend against multiple small gunboats. An opfor commander saw a hole, exploited it, and it worked. Later that weakness was rectified after thorough analysis. If anything this event could have been a disappointment if the red team did not pose a major challenge.

Your tax dollars at waste (-1, Flamebait)

Anonymous Coward | about a year ago | (#43578579)

when the fuck did computer hacking become the purview of the fucking mother goddamned military - and not even national militaries, but this fucking cold war goddamn dinosaur that was entirely based around the concept of the free world vs Josef Issaryanovich Dughashvili aka Stalin The Guy Who Killed 20 Million People That We Should Probably Stop Worrying About Because He's Been Dead Since Nineteen Fifty Fucking Three.

Fuck Nato, fuck the military industrial complex, fuck these government douchebags, fuck them wasting our money.

"oh but we must protect the nation from cyber attacks". listen douche the fucking internet doesnt care about nations anymore. corporations are certainly not single-nation based and thats where most of the cyber attacks occur.

oh but what if they find some vulnerability in a military system? We already know about vulnerabilities in military systems - whistleblowers point them out all the time and then the get sued for 'espionage' by the fucking government because ass rape contractor one doesnt want their precious 500 million dollar project to go down the shitter and their 'reputation in the security community' to get unduly tarnished to the extent they can no longer be payed $500,000 grand a year to sit on the board of some circle jerk fucking pseudo-think-tank and butt rape our nation into fucking poverty with their alarmist whorish bullshit PR campaigns. Example Number Fucking One - the Chertoff group - thats right kids. The guys who fucked up 9/11, Katrina, etc, can now be payed millions of dollars to slap their dicks across our collective faces over and over and jizz the press with bullshit and pay off their friends in the government to non-regulate them, classify everything they do as top secret, and otherwise put their penis-tentacles into your pockets, open your wallet, and destroy the future of your children.

Re:Your tax dollars at waste (0)

Anonymous Coward | about a year ago | (#43579227)

We already know about vulnerabilities in military systems - whistleblowers point them out all the time and then the get sued for 'espionage' by the fucking government because ass rape contractor one doesnt want their precious 500 million dollar project to go down the shitter and their 'reputation in the security community' to get unduly tarnished to the extent they can no longer be payed $500,000 grand a year to sit on the board of some circle jerk fucking pseudo-think-tank and butt rape our nation into fucking poverty with their alarmist whorish bullshit PR campaigns. Example Number Fucking One - the Chertoff group - thats right kids. The guys who fucked up 9/11, Katrina, etc, can now be payed millions of dollars to slap their dicks across our collective faces over and over and jizz the press with bullshit and pay off their friends in the government to non-regulate them, classify everything they do as top secret, and otherwise put their penis-tentacles into your pockets, open your wallet, and destroy the future of your children.

This is the penultimate description of the American Dream.

Re:Your tax dollars at waste (1)

LordNelsonthe2nd (2817893) | about a year ago | (#43580071)

You mean an average of two "fuck" per sentence, or did the post contain more than that? It seems that word has substantial meaning to the poster ;)

Re:Your tax dollars at waste (1)

Korruptionen (2647747) | about a year ago | (#43579693)

Dan Dreiberg: What happened to us? What happened to the American Dream?

Edward Blake: "What happened to the American Dream?" It came true! You're lookin' at it...

Re:Your tax dollars at waste (0)

Anonymous Coward | about a year ago | (#43583721)

please hold the language a bit, amigo. most people here see eye to eye with you, but your mode of expression alienates folks who are still outside the choir. we have the truth and it will prevail if we keep pushing, calmly.

Did you read (0)

Anonymous Coward | about a year ago | (#43579637)

Fictious network defense, no not even a hackathon. Another attempt to justify their network being on the internet. I still say, if its hooked to the network, if it's hooked to the internet, its hackable by the poorest of nations, even people.Even poor peoople, that you are trying to kill. But then even to commit the crimes those people admit too, So would you say, this is an attempt too "get" a security contractor some money? Was Darpanet too full of itself, had a contact to trace, or another contractor to award money too.

Blue team wins (1)

manu0601 (2221348) | about a year ago | (#43587165)

The blue team win. I am surprised that network can be secured against determined state-sponsored attacker. I suspect red team did not try very hard.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>