In today’s era, the digital battlefield is just as important as its physical counterpart. The North Atlantic Treaty Organization (NATO) Cooperative Cyber Defence Centre of Excellence (CCDCOE) is a specialised organisation that helps in improving and strengthening the cyber defence of all member nations, NATO allies and partners.
CCDCOE organises two major exercises each year — Locked Shields and Crossed Swords. These CCDCOE-led exercises and research provide its member nations with a testbed for experimentation in cyber operations.
About Locked Shields and Crossed Swords
Locked Shields is an annual live-fire cyber defence exercise for cyber defenders to practise the protection of national IT systems and critical infrastructure under the pressure of a simulated, large-scale cyberattack. Such a real-time, network defence exercise enables cyber security experts to amp up their defence skills by reporting incidents, executing strategic decisions and solving challenges in all aspects — forensic, legal, media and crisis communication.
Crossed Swords is an annual cyber operations exercise that involves leadership training for command element, legal aspects and joint cyber-kinetic operations. The objective is to test the capabilities and practice skills that penetration testers, digital forensic experts and situational awareness experts would need when planning and executing a full-spectrum cyber operation, together with elements from the other domains.
Challenge: Protect private conversations, manage high user volumes and facilitate real-time communication
The information shared during Locked Shields exercises is highly sensitive, including proprietary threat intelligence, simulated cyber threats, potential vulnerabilities, and tactics used by adversaries, in this case, a team of pentesters.
Considering the confidentiality of the participants and the sensitive nature of messages exchanged, CCDCOE seeked a secure, self-hosted communications platform with end-to-end encryption and advanced data protection controls to maintain the privacy, integrity and confidentiality of information exchanged during Locked Shields.
On an average, about 4000 - 5000 security experts from more than 40+ nations participate in these exercises every year. Without a scalable and real-time communication tool, there will be delays in exchanging information between the organising teams and participants—which will in turn slow down decision-making during the exercises.
Considering the high volume of messages exchanged during these exercises, CCDCOE required a scalable platform that can effortlessly handle such a high influx of conversations without a drop in the latency.
Solution and Results: How Rocket.Chat helps CCDCOE enhance cyber defence by supporting 4000+ participants from 40+ NATO nations — while maintaining the confidentiality of all communications
Based on CCDCOE’s requirements, Rocket.Chat emerged as the ideal solution that ticked all their boxes for secure messaging needs.
“When considering the optimal solution to support our needs, we looked for robust security features such as end-to-end encryption, the ability to remotely log out of devices, and on-premise deployment."
~ Dan Ungureanu, Exercise Director at CCDCOE
Today, Rocket.Chat is used as the primary communications platform during the exercises to facilitate real-time communication and for quick exchange of information between participants and organisers.
Here’s how Rocket.Chat helped CCDCOE successfully conduct the largest live-fire cyber defence exercises across all NATO member nations.
Defence-grade security controls
Manage devices and user sessions remotely to prevent unauthorised access: There’s a higher likelihood of someone leaving their workstation unattended — which can compromise a user session. In such instances, it’s critical that the session is terminated immediately to prevent unauthorised access and minimise the risk of information leakage. However, during such large-scale exercises, manually logging out from all devices is not feasible.
Reduce the risk of data leaks: Rocket.Chat provides the ability to remotely log out from the device with a centralised view for managing all devices linked to the workspace. This feature not only reduces the risk of information leakage but also ensures compliance with regulations that require inactive sessions to be promptly closed.
Eliminate the need for physical access: In addition, with a centralised method to terminate user sessions, CCDCOE eliminated the need for organisers to physically access the device to end the user session and log out. This approach saved their organising teams significant time and boosted the overall productivity — all while protecting sensitive data.
End-to-end encryption for protecting confidential information
Fully private conversations: The sensitive information shared between participants was encrypted to ensure that messages and communications were accessible only to intended recipients — even Rocket.Chat cannot read or intercept the messages shared during these exercises. This was made possible with the help of end-to-end encryption — a system of communication that prevents sensitive information from being intercepted by third parties.
Maintain integrity and confidentiality: Complete end-to-end encryption of messages was a must-have to conduct these exercises. This ensured that the messages were not altered during transmission, confirming the accuracy and reliability of the data exchanged. If the integrity is compromised, it can lead to tampering and the exposure of confidential information to malicious parties.
On-premise deployment for data sovereignty
“We had specific requirements such as the ability to deploy on-premise and seamless integration with Active Directory (Azure AD). For us, Rocket.Chat has met our expectations for a communications platform and has always been really understanding of our specific needs.“
~ Dan Ungureanu, Exercise Director at CCDCOE
CCDCOE deployed Rocket.Chat on-premise for complete ownership and control over their data. Since sensitive data stayed within their secure premises, the risk of data breaches was reduced drastically.
By hosting Rocket.Chat locally on their servers, they had complete control over how all the data pertaining to the exercises were handled and processed — which made it easy for CCDCOE to comply with strict data protection regulations.
Microservices architecture to scale up or down during the exercises
CCDCOE had to support thousands of concurrent users while also maintaining high performance during the exercises.
The scalable microservices architecture of Rocket.Chat helped them scale up and down, as needed, in real-time — without any drop in the latency.
This enabled CCDCOE to dynamically accommodate this user volume, allowing for greater agility. Not only did they successfully manage the large number of users, but they also significantly reduced downtime.
“For us, the flexibility of Rocket.Chat being able to scale up and down for our specific needs has been very important.“
~ Dan Ungureanu, Exercise Director at CCDCOE
Unified workspace to centralise all discussions and information
Locked Shields and Crossed Swords involves participants from different countries and organisations.
Rocket.Chat provides a unified view of messages, files, users, calls, and projects to ensure all teams are on the same page, working together towards a common goal.
This helped CCDCOE create a common environment — making it easy and quick to share information between the organising teams, training audience and participants.
Real-time messaging for increased responsiveness to emerging threats
When issues or vulnerabilities are identified during the exercises, it’s important for the defending team to quickly share information and exchange messages on how to tackle this issue.
“Locked Shields brought together 4,000 participants, and all of the exercise teams used Rocket.Chat for immediate communication throughout the planning and execution process.“
~ Dan Ungureanu, Exercise Director at CCDCOE
Rocket.Chat supports real-time messaging by letting users send and receive messages within channels, discussions, teams, or threads instantly.
To augment this capability, Rocket.Chat provides:
- presence status to indicate the availability of each user
- typing indicator to provide a more interactive and responsive experience
- user or channel mentions to ensure users don’t miss any important update in a sea of messages
- read receipts to indicate the messages are delivered and read by the intended participants
Intuitive UI to get started quickly
The participants of Locked Shields and Crossed Swords are on-the-go end users of the communication platform that is used during these exercises. They are not expected to be familiar with the controls of the platform — which necessitates the need to implement a tool that’s intuitive and has a minimal learning curve.
The straightforward UI and intuitive UX of Rocket.Chat has made it easy and accessible for all participants to navigate through the platform, with a minimal learning curve.
Integration with Active Directory (AD) for better user management
Taking into account the large volume of participants, CCDCOE were looking for a solution that can effortlessly integrate with Active Directory (AD). This would make the whole process of adding and provisioning users a breeze. Rocket.Chat has a tight integration with AD, and this came handy for the large volume of participants. They had to be provisioned and added to appropriate channels to carry out their roles and responsibilities.
Topic-based channels to streamline users and messages
During these exercises, several channels and discussions are to be created on a requirement basis; some of these can be archived later after wrapping up the exercises.
Using Rocket.Chat, CCDCOE could quickly and easily create channels based on the topic or participating teams to streamline discussions. Depending on how the exercises progressed, users were added or removed from the channels dynamically, in real time.
“We have enjoyed the ease of creating channels/groups needed for the exercise execution. In our experience, onboarding users and getting them started with Rocket.Chat has been really easy.”
~ Dan Ungureanu, Exercise Director at CCDCOE
