Locked Shields - Australian Team & Partner Run

What is Locked Shields?

Conducted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, this annual exercise enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects. Locked Shields is the world’s largest and most complex international live-fire cyber exercise.

For four consecutive days, more than 3,000 experts from military, government, academia, and industry collaborate to defend simulated national IT systems and critical infrastructure against a massive cyberattack. 

The exercise deploys over 5,500 virtualised critical systems replicating the operations of a small independent country, that is subject to over 8,000 attacks. In addition to securing complex IT and operational systems, the participating teams must be effective in a wide range of disciplines, including reporting incidents and solving forensic, legal, media operations, and information warfare challenges. 

Australia’s first participation in 2023 led by the Australian Cyber Collaboration Centre

In 2023 for the first time in the thirteen years Locked Shields has been running, Australia participated in the Partner Run. The function of the Partner Run is to test the Game Day scenario, systems and technology before the main event in April, honing the red team tactics for the full exercise. The partner run is a crucial component of the full-scale exercise and many of the teams in the partner run train for up to six months.

In early April, the Australian Cyber Collaboration Centre (Aus3C) in association with the University of Adelaide, facilitated the Australian participation in the Locked Shields 2023 Partner Run with its members McGrathNicol, CyberOps, Flinders University, DTEX, SecureState, SAAB, CISCO, Veroguard and SA Power Networks.

Utilising the most technically advanced commercial Cyber Range in the Southern Hemisphere, the Locked Shields Partner Run was hosted at Aus3C’s home base in South Australia’s Innovation Precinct, Lot Fourteen.

Australia’s involvement in the Partner Run is a display of our nation’s capability and increasing strength in the international ecosystem as the cyber defence of sovereign critical infrastructure comes into even sharper focus.

Registrations for LS 2025 are currently closed. Stay tuned—more details will be available soon!

Australia’s first Locked Shields Team 2024

In 2024, Australia will not only be participating in the Partner Run, but will also form a team to be part of a multi-national squad, anchored by Australian experts, with international participants, to train, build, and deploy for and ultimately compete in Locked Shields, April 2024.

To form the team, Aus3C, together with their member partners, will take on a squad of up to 200 people across 20 areas of responsibility, through a 6–8 week preparation program. In early March participants from this squad will be selected for either the Partner Run or Locked Shields Australian Team.

The preparation program will hone skills for a multitude of cyber skill areas from SOC operators, and incident responders to cyber security communications and legal experts. The diversity, complexity, and fun of the exercise are unrivaled in training experiences.

Locked Shields teams must be effective in reporting incidents, executing strategic decisions, and solving forensic, legal, and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks, and attack methods.

The Australian Locked Shields 2024 team is a combined effort bringing together industry, government, and academia to work and learn together to keep our critical infrastructure secure. 

Join the Squad

We’re looking for Australian cyber experts to join the squad who will participate in the preparation program and potentially be chosen to join the Partner Run or Locked Shields Australian Team.

Ensure you are available for the key dates, then read through the skills areas that we are looking for (listed below) and fill in the form to apply to join the squad.

If you have any questions, please use the Contact Us form at the bottom of this page and we’ll get back to you shortly.  

Locked Shields Skill Areas

There are many roles played in a Locked Shields team, please read the below and choose your top four skill areas that you could contribute to the squad and choose them in the below form when applying.

Operational Team Roles

Networks & Telecoms: Monitoring, detecting, analysing, reporting, resolving security incidents. Analysing logfiles and packet captures to detect incidents. Examples include validating firewall rules, granting access to hidden subnets, fixing VPN profiles,

Linux: Examples include updating/hardening Ubuntu 18.04 & FreeBSD 10 servers, identifying indicators of compromise

Windows: Examples include updating a DC from Server 2022 RTM, deploying applications via PDQ, incident investigation/response.

Web: Experience with various web application and API development frameworks and languages to respond to update/harden web servers/applications and respond to incidents. Examples may include, validating mod_rewrite rules, hardening Wordpress, and remediating defaced websites.

Identity Providers (Entra/AD/SSO): Examples include validating existing users

Azure/Microsoft365

OT & Satellites

Virtualisation/Containers

Analysis and Communications Team Roles

Forensics Challenge: Host forensics - Windows/Linux/macOS memory analysis, Network forensics – network devices, firmware, memory and network traffic, Malware analysis including reverse engineering.

Public Relations & Media: Effective and multi-layered crisis communication during a severe and complex cyber incident. Experience in or attended media training before.

Legal, Regulatory & Internal/International Comms: Advisors are required to deal with cyber-related issues – knowledge of information technology sectors.

Strategic Communication and Misinformation Campaigns: Augment the technical track with information and misinformation environment aspects to raise the levels of realism in the overall virtual environment.

Support Team Roles

Programming/Tooling Support: Examples include writing scripts to import and export credentials from different vaults, scripts to automatically assess, patch and remediate vulnerable nodes, monitoring and reporting tools, and to assist triaging and responding to an incident.

Range Infrastructure: Examples include building vulnerable EC2 instances inside our virtual range, and managing VLANs and ACLs on our physical infrastructure.

Internal Tenancy/Account Management

Reporting Team

Fusion Team - links across all tech and non-tech teams

Training: Examples include training students and professionals on specific tools, regulatory processes, or incident response procedures.

Contact Us

Have a question?

Fill in the form below and one of our team will be in touch shortly.

Slide1.jpg
Slide7.jpg
Slide8.jpg
Untitled-1-04.png
Slide45.jpg
Slide69.jpg
Slide11.jpg
Slide49.jpg
Slide55.jpg
Untitled-2-01.jpg
Artboard 1-20.jpg
Slide37.jpg
Untitled-2-07.jpg
Slide38.jpg
Slide58.jpg
Slide12.jpg
Slide41.jpg
Slide66.jpg
Slide13.jpg
Untitled-1-01.png
Slide26.jpg
Untitled-2-09.jpg
Slide4.jpg
Slide5.jpg
Slide70.jpg
Slide63.jpg
Slide14.jpg
Slide44.jpg
Slide40.jpg
Slide31.jpg
Slide15.jpg
Slide50.jpg
Slide48.jpg
Slide64.jpg
Slide39.jpg
Slide42.jpg
Slide17.jpg
Slide67.jpg
Slide16.jpg
Slide34.jpg
Slide3.jpg
Untitled-1-05.png
Untitled-1-03.png
Slide47.jpg
Untitled-1-09.png
Slide18.jpg
Slide46.jpg
Untitled-2-04.jpg
Untitled-2-08.jpg
Slide57.jpg
Slide30.jpg
Slide33.jpg
Slide59.jpg
Slide19.jpg
Slide68.jpg
Slide27.jpg
Slide43.jpg
Slide20.jpg
Untitled-1-07.png
Untitled-2-10.jpg
Untitled-2-05.jpg
Slide21.jpg
Untitled-2-03.jpg
Slide54.jpg
Slide22.jpg
Slide23.jpg
Slide61.jpg
Slide24.jpg
Slide60.jpg
Untitled-2-02.jpg
Slide25.jpg
Slide36.jpg

Subscribe

Sign up to our newsletter to stay up to date with the latest training, opportunities and events at the Australian Cyber Collaboration Centre.