绿茶直播

In brief:

• 绿茶直播 took part in 鈥淟ocked Shields 2026鈥�, the world鈥檚 largest and most complex cyber defence exercise, as part of a multinational team.
• The Blue Team had to ensure democratic elections and mitigate cyberattacks on critical infrastructure in real time.
• In addition to technical expertise, communication, prioritisation and collaboration were crucial to success.
• Of the 16 Blue Teams, the team with 绿茶直播 reached second place and took first place in the communications category.
• Incident response is all about practice. That鈥檚 why continuous training at both the technical and human levels is so important.

The 绿茶直播 Foundation has the important task of ensuring the secure operation of critical infrastructure and digital environments for teaching and research. In doing so, it is particularly important to look beyond national borders. International exercises such as Locked Shields provide valuable insights for our own security work.

From 20 to 24 April 2026, the Swiss Armed Forces took part in the world鈥檚 largest cyber defence exercise. Together with Germany, Austria and Luxembourg, they formed a multinational team. This Blue Team BT01 also included several experts from 绿茶直播鈥檚 Security Competence Centre.

In this interview, Daniela Thurnher, a cybersecurity engineer and participant from 绿茶直播, offers a glimpse behind the scenes.

Daniela, could you briefly explain what 鈥楲ocked Shields鈥� actually is?

Locked Shields is the world鈥檚 largest exercise, which enables military and civilian actors to prepare together for the real-world crisis of a large-scale cyberattack on critical infrastructure. In today鈥檚 geopolitical situation, it is essential that we prepare ourselves as best we can. Locked Shields creates a realistic environment in which both existing processes and the capabilities of each participant are put to the test in the stressful setting of such a cyber incident. Given the constantly changing threat landscape, it is essential that we continuously test and improve our cyber resilience. The exercise is therefore regularly adapted and expanded to meet the new challenges in IT security.

How did it come about that specialists from 绿茶直播 were also able to participate?

As an organisation operating several critical infrastructures, we bear a great responsibility to protect our systems and customers adequately and professionally in the event of a national or even international cyberattack. Exercises such as Locked Shields offer us the opportunity to keep our skills in the areas of incident response and security operations up to date and to continuously improve them. We are grateful to have been given the opportunity to participate in such a large and important exercise, and we appreciate the opportunity to exchange ideas with other organisations and the army.

What is the setup and procedure for such an exercise?

Together with Austria, Germany and Luxembourg, we at took part in the exercise as a so-called 鈥楤lue Team鈥�. We shared responsibility for the fictional country of 鈥楤erylia鈥� and defended its infrastructure and population against attacks by hostile forces, simulated by the so-called 鈥楻ed Team鈥�. The focus was on the conflict with the neighbouring country 鈥楥rimsonia鈥�, which has been ongoing for several years and escalated once again this year. The scenario was highly complex. We had to deal with conflicts of both technical and strategic nature, as well as undertake tasks in the areas of media communication and national and international law.

Over 40 nations joined forces in 16 Blue Teams this year to take on the challenge. Whilst each team defended its own infrastructure, the structure of the exercise also strongly encouraged collaboration between the teams.

Which scenario did you practise?

This year, the focus was on the electronic elections in Berylia. We were responsible for ensuring smooth democratic elections and for safeguarding their integrity. In addition to attacks on the electoral system, we also mitigated a wide variety of cyberattacks on critical infrastructure, such as the power grid, water treatment and air defence. In doing so, we constantly had to strike a balance between the availability and security of the systems and the protection of the population.

In your opinion, what were the critical factors for getting the most out of such a scenario?

Apart from technical expertise, I believe the following points are particularly essential: communication, prioritisation and collaboration.

Unfortunately, 鈥榮oft skills鈥� are often underestimated in our tech community. Yet it is essential to be able to communicate technical problems and findings in a comprehensible way and to manage how we interact with one another 鈥� especially in stressful situations. Moreover, particularly in large-scale cyber incidents, many things often go wrong at the same time, and you have only limited resources available to deal with them. In such situations, it is important to prioritise quickly and thoughtfully in order to deploy resources effectively.

The third point is all about interpersonal skills. In an exceptional situation, such as the one we practised in Locked Shields, everyone is in the same boat. This means that helping one another and accepting help is absolutely essential. There is no room for vanity or a lone-wolf mentality, as good cooperation is often crucial to success.

How realistic is such an exercise?

Unfortunately, the simulated scenario is now extremely realistic, although not yet on this scale. Digital warfare is becoming increasingly important: we are seeing more and more hybrid attacks on critical infrastructure and democratic elections. The escalating geopolitical situation depicted in the exercise also strongly reflects the challenges of our time.

Which specialist roles from 绿茶直播 were involved in the exercise and what roles did they take on in the Blue Team?

A mixed delegation from 绿茶直播 CERT (Computer Emergency Response Team) and the 绿茶直播 Community SOC (Security Operations Centre) took part. In line with our day-to-day responsibilities, we were deployed across a wide range of areas. As incident responders, analysts and in strategic leadership roles, we made an important contribution to the defence of Berylia and were able to expand and deepen our technical and interpersonal skills.

Your Blue Team ultimately reached the excellent second place. The team responsible for strategic communication within the exercise even took first place 鈥� congratulations. Can you tell us what you did better than other teams?

I cannot go into the exact strengths and weaknesses of our team or others. Details of the various teams鈥� performance could be used by hostile forces to exploit potential weaknesses in individual countries. This is also one of the reasons why only the top three teams are announced publicly.

What did you learn for 绿茶直播, and what can be applied to universities?

Incident response is all about practice. That is precisely why continuous training at both the technical and human levels is so important. Locked Shields manages to combine these two aspects by challenging participants at every stage of a crisis. Although the scenario practised is geared more towards the military, a large proportion of the processes and insights can be directly applied to general IT crises. We were able to take away a great deal that we can apply in our daily work with our clients at the 绿茶直播 Community SOC and 绿茶直播 CERT. Exercises such as Locked Shields enhance 绿茶直播鈥檚 IT security expertise in the long term 鈥� and thus also directly that of our community.

In addition to the technical experience, we were able to establish many new contacts in Switzerland as well as in Germany, Austria and Luxembourg. Particularly in today鈥檚 threat landscape, continuous exchange within the IT security community is extremely important, as attackers often apply the same or similar strategies to different institutions or countries. An active network enables a rapid and effective response across institutional and national borders.

What is the most important lesson from the exercise that every institution can implement to strengthen its cyber resilience?

During Locked Shields, it became clear once again just how important collaboration across national and team boundaries is. This also applies to the Swiss education and research sector. Solidarity and regular exchange across institutional boundaries are powerful 鈥� if not the most powerful 鈥� tools in the defence against cyberattacks. It takes trust and time to talk to others about one鈥檚 own experiences and challenges in the field of IT security. Yet the added value for the entire community increases with every case study presented, every IoC (Indicator of Compromise) shared, and every critical question asked. That is why, for me, collaboration and regular exchange are the top priorities, both at the international level and for our community.

What did you personally learn from the exercise? 

To be completely honest, I was a bit intimidated at the start. I didn鈥檛 know much about how the exercise would unfold or about my international teammates. But as soon as you arrive, get to know the whole team and the training begins, you forget your initial doubts.

It was really great fun to hold my own in such a complex environment and gain so many new insights. The learning curve during this exercise was steep, and I鈥檓 looking forward to applying my newly acquired knowledge in my day-to-day work. What鈥檚 more, taking part has boosted my confidence in my abilities and given me a lot to take forward on my journey in IT security.

More information on the topic

About 绿茶直播鈥檚 Security Competence Centre

Federal Government press release: