Locked Shields 2024 - Australian Team & Partner Run

What is Locked Shields?

Conducted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, this annual exercise enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects. Locked Shields is the world’s largest and most complex international live-fire cyber exercise.

For four consecutive days, more than 3,000 experts from military, government, academia, and industry collaborate to defend simulated national IT systems and critical infrastructure against a massive cyberattack. 

The exercise deploys over 5,500 virtualised critical systems replicating the operations of a small independent country, that is subject to over 8,000 attacks. In addition to securing complex IT and operational systems, the participating teams must be effective in a wide range of disciplines, including reporting incidents and solving forensic, legal, media operations, and information warfare challenges. 

Australia’s first participation in 2023 led by the Australian Cyber Collaboration Centre

In 2023 for the first time in the thirteen years Locked Shields has been running, Australia participated in the Partner Run. The function of the Partner Run is to test the Game Day scenario, systems and technology before the main event in April, honing the red team tactics for the full exercise. The partner run is a crucial component of the full-scale exercise and many of the teams in the partner run train for up to six months.

In early April, the Australian Cyber Collaboration Centre (Aus3C) in association with the University of Adelaide, facilitated the Australian participation in the Locked Shields 2023 Partner Run with its members McGrathNicol, CyberOps, Flinders University, DTEX, SecureState, SAAB, CISCO, Veroguard and SA Power Networks.

Utilising the most technically advanced commercial Cyber Range in the Southern Hemisphere, the Locked Shields Partner Run was hosted at Aus3C’s home base in South Australia’s Innovation Precinct, Lot Fourteen.

Australia’s involvement in the Partner Run is a display of our nation’s capability and increasing strength in the international ecosystem as the cyber defence of sovereign critical infrastructure comes into even sharper focus.

Registration closed. LS 2025 registration opening soon.

Australia’s first Locked Shields Team 2024

In 2024, Australia will not only be participating in the Partner Run, but will also form a team to be part of a multi-national squad, anchored by Australian experts, with international participants, to train, build, and deploy for and ultimately compete in Locked Shields, April 2024.

To form the team, Aus3C, together with their member partners, will take on a squad of up to 200 people across 20 areas of responsibility, through a 6–8 week preparation program. In early March participants from this squad will be selected for either the Partner Run or Locked Shields Australian Team.

The preparation program will hone skills for a multitude of cyber skill areas from SOC operators, and incident responders to cyber security communications and legal experts. The diversity, complexity, and fun of the exercise are unrivaled in training experiences.

Locked Shields teams must be effective in reporting incidents, executing strategic decisions, and solving forensic, legal, and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks, and attack methods.

The Australian Locked Shields 2024 team is a combined effort bringing together industry, government, and academia to work and learn together to keep our critical infrastructure secure. 

Join the Squad

We’re looking for Australian cyber experts to join the squad who will participate in the preparation program and potentially be chosen to join the Partner Run or Locked Shields Australian Team.

Ensure you are available for the key dates, then read through the skills areas that we are looking for (listed below) and fill in the form to apply to join the squad.

If you have any questions, please use the Contact Us form at the bottom of this page and we’ll get back to you shortly.  

Key Dates

Preparation Program

RangeForce online training

Self-paced and participant determined (over 100 hours available across modules)

February - April

Technical Generalist Deep Dives 12-29 February - TBD anticipated 2-8 hours

Technical deep dives and Main Exercise team specific training 04 March - 05 April - TBD anticipated 2-8 hours

Partner Run

6 - 7 March - 2 Full Evenings

(until early morning as the event runs in the Estonian Time Zone UTC+3)

Locked Shields Reconnaissance

15 - 19 April - reconnaissance and familiarisation period

Locked Shields Event

22 - 26 April - Main Exercise

(until early morning as the event runs in the Estonian Time Zone UTC+3)

Cost

Aus3C Member: $129 per person 
(to access this discounted cost, apply below with your member organisations email address)
Non-Member: $229 per person 


Cost Includes: 

  • Professional development, using the RangeForce, a realistic environment that accurately reflects today's threat landscape to improve your cyber readiness skills

  • A self-paced training environment 

  • Technical Generalist Deep Dives 12-29 February - anticipated 2-8 hours

  • Technical deep dives and Main Exercise team specific training 04 March - 05 April - TBD anticipated 2-8 hours

  • Locked Shields Main Exercise - reconnaissance and familiarisation period 15-19 April

  • Participation in the Partner Run or Locked Shields Event

Locked Shields Skill Areas

There are many roles played in a Locked Shields team, please read the below and choose your top four skill areas that you could contribute to the squad and choose them in the below form when applying.

Operational Team Roles

Networks & Telecoms: Monitoring, detecting, analysing, reporting, resolving security incidents. Analysing logfiles and packet captures to detect incidents. Examples include validating firewall rules, granting access to hidden subnets, fixing VPN profiles,

Linux: Examples include updating/hardening Ubuntu 18.04 & FreeBSD 10 servers, identifying indicators of compromise

Windows: Examples include updating a DC from Server 2022 RTM, deploying applications via PDQ, incident investigation/response.

Web: Experience with various web application and API development frameworks and languages to respond to update/harden web servers/applications and respond to incidents. Examples may include, validating mod_rewrite rules, hardening Wordpress, and remediating defaced websites.

Identity Providers (Entra/AD/SSO): Examples include validating existing users

Azure/Microsoft365

OT & Satellites

Virtualisation/Containers

Analysis and Communications Team Roles

Forensics Challenge: Host forensics - Windows/Linux/macOS memory analysis, Network forensics – network devices, firmware, memory and network traffic, Malware analysis including reverse engineering.

Public Relations & Media: Effective and multi-layered crisis communication during a severe and complex cyber incident. Experience in or attended media training before.

Legal, Regulatory & Internal/International Comms: Advisors are required to deal with cyber-related issues – knowledge of information technology sectors.

Strategic Communication and Misinformation Campaigns: Augment the technical track with information and misinformation environment aspects to raise the levels of realism in the overall virtual environment.

Support Team Roles

Programming/Tooling Support: Examples include writing scripts to import and export credentials from different vaults, scripts to automatically assess, patch and remediate vulnerable nodes, monitoring and reporting tools, and to assist triaging and responding to an incident.

Range Infrastructure: Examples include building vulnerable EC2 instances inside our virtual range, and managing VLANs and ACLs on our physical infrastructure.

Internal Tenancy/Account Management

Reporting Team

Fusion Team - links across all tech and non-tech teams

Training: Examples include training students and professionals on specific tools, regulatory processes, or incident response procedures.

Contact Us

Have a question?

Fill in the form below and one of our team will be in touch shortly.

Subscribe

Sign up to our newsletter to stay up to date with the latest training, opportunities and events at the Australian Cyber Collaboration Centre.