When blackout is just a click away

This article was published in the Ergon Magazine SMART insights 2023. Order your free copy now.

The Swiss Armed Forces prepare for attempted hacking by foreign states to protect the nation. Cyber attacks are on the rise, causing severe disruption to society and businesses. So far Switzerland has performed well in Locked Shields, one of the world’s most prominent cyber defence exercises. Pierre Kilchenmann, who led the Swiss Blue Team, describes a particular success. Also involved was Giorgio Tresoldi, an expert in innovative cyber defence solutions.

The power is cut. Public transport is at a standstill and medical assistance can’t get through. It is a nightmare scenario, but an increasingly frequent reality. Hybrid warfare continues to spread, and cyber attacks on critical infrastructures are growing. They are under multiple threats that go beyond simply disabling the electricity grid. Other dangers include cyber espionage and data theft for the purposes of extortion. Attacks on critical infrastructures can have devastating effects on the population and the business community. They jeopardise the supply of goods and services that are crucial to a functioning society. Particularly sensitive personal data, such as biometric information or criminal records, are also at risk.

In Switzerland, the Federal Council defines what constitutes a critical infrastructure. A total of 10,000 individual buildings and facilities have been designated critical infrastructures. They are divided into nine sectors and 27 sub-sectors.

There are various ways of protecting critical infrastructures with structural, legal or technical measures. All are designed with one thing in mind: to prevent serious outages. And if there were to be an incident, they serve to restore functionality as quickly as possible. The Locked Shields scenario is an opportunity to rehearse the response in the event of such an outage resulting from a cyber attack.

Fictional, yet real: the simulated cyber attack

The Locked Shields exercise simulates a largescale cyber attack on a NATO member state. During the exercise, experts from the Swiss Armed Forces train alongside teams from 32 other nations in how to defend against such attacks. The incident is fictional, but extremely realistic, encompassing all of the technological and political aspects of cyber defence. The objective is to secure control over your own technical infrastructure.

The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn organises one of the largest cyber defence exercises in the world. As part of Switzerland’s participation, the Cyber-Defence Campus (CYD) forged partnerships with innovative Swiss companies. As a specialist unit within Armasuisse, the Federal Office for Defence Procurement, CYD helps to identify cyber risks at an early stage and trains cyber experts. It selects its alliances strategically in order to provide defence tools that offer the highest level of security. One of these is Airlock Gateway.

Vulnerabilities under attack

The exercise involves Blue Teams, including the Swiss delegation, supporting and overseeing a country’s critical infrastructures. Meanwhile, Red Teams launch attacks in cyberspace to identify and exploit weak points in systems and processes. Blue Teams must fight off simulated attacks on the fictional nation of Berylia as quickly as possible. Since 2012 the Swiss Armed Forces have regularly participated in the Locked Shield exercise with their own Blue Team.

Good Swiss performance

The exercise covered 40 web applications, countless bugs, false configurations and outdated software. To protect services against attack, they must be updated and errors in the code rectified. But time is tight in a crisis. That’s where a central Airlock Gateway helps. It allows all applications to be patched as a group, closing loopholes. It protects business-critical, web-based applications and APIs against attack. Artificial intelligence supported by machine learning guards against new forms of cyber aggression and recognises bots that behave in a different way to normal users. In 2022 the Swiss Blue Team finished among the top ten nations in the exercise, with Airlock Gateway a major factor in their success. Although the attacks became increasingly sophisticated as the exercise progressed, Airlock Gateway was able to handle even the rarest of cases. Airlock will be deployed as part of the Swiss arsenal again for Locked Shields 2023