South Australia takes the lead in world’s most complex cybersecurity exercise

Locked Shields continues to garner praise as the largest and most complex live-fire cyber defence exercise in the world.

Spearheaded by NATO, this year’s exercise saw 3,000 participants from 40 nations defending virtual models of national IT systems and critical infrastructure from real-time attacks.

Immersed in simulated, real-world scenarios, teams deploy critical thinking to navigate complex cyber incidents, demonstrating the real power of cooperative defence.

South Australia led the charge out of the Australian Cyber Collaboration Centre (Aus3C) at Lot Fourteen, harnessing the strengths and smarts of top cyber security talent from around the country.

For the first-time ever, Australia joined forces with the US and Greece to compete as a multinational, multi-disciplined 160-member strong cohort. In addition to international partners, the South Australian led team included members of the Royal Australian Air Force, Australian Army, Australian Federal Police, Defence SA, telecommunications experts and representatives from the mining and power sectors and local universities.

Lot Fourteen resident CyberOps was pivotal in bringing the exercise to life and according to Founder and Technical Lead for the exercise Derek Grocke, it’s been a while in the making. “We recognised the value of the exercise and have been engaging with NATO since 2019.”

CyberOps was there every step of the way – from building and supporting the global organisation and hosting formal training for all participants to providing teams members for both the partner and full run legs of the exercise.

“Removing the barriers that exist between defence and industry has led to the country being more ‘battle ready’. More than a ‘game’, Locked Shields prepares countries for real-life information warfare,” said Mr Grocke.

Reg Carruthers Executive Director Defence and Space at Defence SA commended the camaraderie and commitment showcased by all team members – from lead up to execution.

“The level of commitment, knowledge and expertise speaks volumes about South Australia (and Australia’s) evolving cybersecurity capability,” said Mr Carruthers.

“The partnerships formed through the exercise will go a long way in advancing and protecting South Australia’s IT infrastructure and security.”

Amy Ormrod, CEO of Adelaide-based cybersecurity consultancy Cygence was responsible for leading the team and coordinating their contribution, in partnership with Aus3C.

“The event marked many firsts for Australia,” she noted. “It was the first time that state and federal government, industry and academia all came together as a collective for the Locked Shields Main Run, and it was the first time that we (Australia) tested our cyber capability against the best in the world.”

Countless hours and a lot of horsepower went into the exercise. “Over a period of just a few months we needed to recruit the right people with the right skill sets and build a complete organisation with supporting processes and technical infrastructure in place. We looked to both technical and non-technical capability spanning the depth and breadth of the national cyber industry.”

In addition to tackling the most complex tasks ever set out by the exercise, team members were required to navigate time zone challenges with Locked Shields hosted in Tallin, Estonia, in addition to the US and Greece.

“While the majority of our team was based in South Australia, we also had members scattered across Perth, Melbourne, Sydney, Canberra, Honolulu (Hawaii) and Athens (Greece),” said Mrs Ormrod.

The exercise closely aligned with the 2023-30 Australian Cyber Security Strategy, aiming to strengthen Australia’s cyber defences and achieve the world leader in cyber security status by 2030.

“We do believe that the learnings from Locked Shields will go a long way in building Australia’s cyber security capability. It gave us the platform to bring the very best in industry together to collaborate, share and