Do Cyber Exercises Prepare Security Teams For Attacks?

It was recently reported that the so-called “Locked Shields 2013” NATO exercise has finished and, lo and behold, the blue team won. Of course, this leaves us to question how “real” these exercises truly are, given the stark reality that security teams in the real world are taking a beating. Blue team victories are not uncommon in these types of events, nor are they uncommon in the real world. However, from a simple finger-in-the-wind measurement, it would seem that the blue team victory record in simulated exercises is beginning to approach that of the Harlem Globetrotters versus the Generals.

The problem is that the blue teams are real world, while the red teams are not. Furthermore, the simulated environments offer the blue teams far more control than they actually have in their enterprises, which makes the attacks less lethal and the security teams more powerful. Some may argue that the red teams employed in these exercises are real-world penetration testers, and indeed they are. However, penetration testers and government-funded red team members are as different as night and day.

