Introduction
Locked Shields 2025, the world’s largest cyber defense exercise, was held in early May by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). In the 2025 edition of this event, about 4,000 people from approximately 40 countries formed 17 multinational blue teams to participate in a scenario where they had to defend ICT infrastructure equivalent to that on a national scale.
Similar to last year, three members of Mercari’s Security Team participated in Locked Shields this year. In this article, we’ll share the knowledge we gained on the front lines of international joint exercise.
Team introduction
Three Mercari employees participated in this exercise.
- Yuto Iso: Mainly in charge of preserving all information systems under Japan’s sphere of defense and preventing breaches of essential systems.
- Hiroki Akamatsu: In charge of vulnerability hunting and fixing for platforms and web applications.
- Sana Okumura: In charge of analysis of signs of breaches, confirmation of evidence, and reporting.
The three of us detected signs of attacks, checked evidence of attacks, and identified and addressed vulnerabilities.
Task details
In Locked Shields, participants must defend a large number of information systems from sophisticated cyber attacks. Yuto developed a mechanism to automatically examine all target information systems, which significantly reduced the effort needed to safeguard and restore the systems. This also contributed to identifying vulnerabilities before they were exploited and swiftly recovering systems after attacks.
The Locked Shields scenario contains various services, authentication infrastructures, and networks, including AI features, as well as a platform on which all of those operate. As someone with knowledge of AI, web applications, and container technology, Hiroki supported the team in aspects such as making multiple web applications more robust and building a safe container deployment environment.
Throughout the scenario, attackers try to breach information systems using various attack patterns. Sana checked various forms of evidence to accurately identify and report the extent of impact of attacks, which contributed to the detection and containment of attacks.
Takeaways and results
Each of us approached the exercise from our areas of expertise, but throughout the event, we encountered attacks in areas we had no experience in, such as operational technology systems, so we learned a lot as we worked to defend the systems from countless attacks.
On the less technical side, the event also provided us with hands-on experience in how to smoothly communicate and collaborate with participants specializing in other fields in a cybersecurity defense scenario.
Conclusion
Locked Shields is the only exercise of its kind to such a large scale, and this year’s event was a very valuable experience for the Mercari members involved. We each demonstrated our expertise to our fullest potential to provide wide-reaching technical support to the systems we were in charge of. Through automating system examination and preservation, and rapidly addressing vulnerabilities and identifying extent of impact in a complex environment, we were able to polish our practical skills. In addition, we also gained knowledge of new attack methods and defense strategies.
We were especially reminded of the importance of communication and collaboration in cyber defense through our cooperation with specialists in various areas from other countries. We felt first-hand how difficult it is to swiftly and accurately share information and work toward a shared goal in a constantly evolving situation, and how big the sense of accomplishment is when you overcome that difficulty.
We’re confident that the knowledge and experience gained through this exercise will contribute significantly to strengthening the security of Mercari’s services, enhancing our incident response capabilities, and preparing for potential future cyber attacks. Going forward, Mercari will continue to strive to actively participate in international initiatives such as Locked Shields in order to enhance our cybersecurity technology and provide safer and more secure services.
Source: https://x.com/ModJapan_en/status/1920769117180641309?t=9Bi-vyX3tawRB5F_QAJidw&s=19
