The Baltic Cyber Shield was an activity arranged by FOI in cooperation with the Swedish National Defence College (FHS), the Swedish Civil Contingencies Agency (MSB) and NATO’s Cooperative Cyber Defence Centre of Excellence (CCD COE). In this technical exercise (or competition if you will) six teams of network security experts defended critical infrastructure networks against a group of professional penetration testers.
In this exercise the scenario was as follows. Threats had been directed towards critical infrastructure owners. On a given day, a series of cyber attacks would be launched in order to damage the industrial control systems used to control the critical infrastructure. The six blue teams had been called in by the critical infrastructure owners to defend their IT systems (which were in poor shape overall). A number of constraints were placed on the blue teams. For instance, they had to keep certain inbound and outbound data flows alive and they could not reboot all machines. For two days the teams did their best to defend their networks against a large group of professional penetration testers.
A number of organizations and nations were involved in the Baltic Cyber Shield. The role of FOI was that of the “green team”, in other words, to create and maintain the technical infrastructure.