Trial run for cyberwar: ‘Crimsonia’ on the attack in Estonia

Tallinn: “People are poisoned and dying,” whispers Merle Maigre, director of NATO’s cyber defence centre in Tallinn, Estonia.

She seems pleased.

Locked Shields 2018 in Tallinn, Estonia is the world’s biggest ‘live fire’ cyber war exercise.

We’re looking at a row of models representing water purification plants in an imaginary country known as "Berylia", which is under sustained cyber attack from "Crimsonia".

Crimsonian hackers have penetrated the small electronic boxes that control chemical additives at the plant. Suddenly, a nation’s water is undrinkable.

Maigre is no monster.

Rather, she’s pleased because her exercise is working: Locked Shields 2018, the biggest "live fire" cyber war drill in the world, has begun, and the defenders are starting to crack.

This is day one: the skirmish.

The Crimsonians are sneaking about in the water, power and mobile phone networks of Berylia, slowly expanding their control. The Berylians, realising they’re under attack, have called on NATO for help.

The NATO nations – divided for the exercise into 22 teams competing for the title of best defender – are trying to assess the nature of the threat and its origin, so they can tell their political masters who are screaming for answers.

At the same time, they’re trying to win back control of their country’s critical infrastructure, simulated in a virtual firing range.

Locked Shields is run by NATO with partners from around the world. This is the first year Australia has had an official observer.

Red Team leader Mehis Hakkala doesn’t like their chances. He’s been chief baddy in this annual exercise since 2010, and in between he runs a commercial computer penetration testing company.

“There are two types of cyber victims, those who have already been compromised and those who will be,” he says, a joke he clearly tells regularly to his corporate clients.

He can’t tell me much about what he has planned, so as not to tip off the defenders.

But somewhere in this virtual cyber firing range a secretary in an office, maybe in a power station, or a water plant, is going to click on a link in an email that’s going to let more of Hakkala’s team of hackers into Berylia’s systems, worming their way from the ground floor to the executive suites.

They’re going to steal some sensitive data, maybe customer data, and publish it on the internet.

But that’s just a distraction. In the meantime, they’re working their way through the network to their real goal.

“We do these things in real life as well,” Hakkala says, referring to penetration testing.

“It is fairly easy… to totally destroy an organisation or their credibility. We as the Red Team get a little bit scared of how effective that can be.”

Australia is about to officially sign up to the CCDCOE, the NATO centre that runs Locked Shields. This year we have an observer in Tallinn; next year we hope to have a full team taking part.

Lieutenant Colonel Franz Lantenhammer, chief of staff at the CCDCOE, says he expects Australia to learn a lot (most nations don’t do very well their first time at Locked Shields). But the centre will gain as well.

A soldier in simulated battle at Locked Shields 2018.

“Australia is a very valuable member. It’s part of the Five Eyes [surveillance network], it’s one of the seven MNNA [major non-NATO ally] nations. Australia… has a very experienced cyber defence community, they have faced a lot of challenges from their part of the world – which is completely different to what we have here in Europe or in the United States.”

Every year the centre discovers new challenges – and new defence deficiencies – which appear as soon as they think they’ve solved the old ones.

He is also looking to bring a reactive, rather than purely defensive, element to the centre.

Though NATO is a strictly defence-oriented pact, its members have offensive cyber capabilities, and sometimes these can or should be used to deter threats, or take out attacking forces.

The biggest rule of Locked Shields appears to be “don’t mention the Russians” – ask about the Kremlin and you just get a weary sigh – but everyone knows who is most likely to pose this kind of threat. One of the attacks in this year’s scenario is modelled on an attack that crippled Ukraine’s power network two years ago.

This is the first year Australia has had an official observer; next year the country hopes to compete to protect ‘Berylia’ from the ‘Crimsonia’ menace.

Aare Reintam, director of Locked Shields, says it’s as “cool as a movie”, though one starring tech geeks.

But everyone says that, once in a while, they imagine what it would be like if it was real.

In the main control room, lights are going out on the power grid: a hospital is in trouble, the Apple factory could be next.

Two military surveillance drones have disappeared. They’re out of military control. Where are they going?

“It’s intense,” says Major Uko Valtenburg, who’s commanding the Estonian/US Blue Team.

His colleague Tanel Sepp, from Estonia’s defence ministry, is running the strategy side of the team. He agrees.

“I don’t remember a day I had to argue so much,” he says.

“But we need to prepare ourselves for real threats. These threats we’re facing, they’re from today’s world.”
