The urgency behind NATO’s deepening interest in cyber defense is driven by the increasing sophistication of cyberthreats against member states, according to Brig. Gen. Christos Athanasiadis, assistant chief of staff cyber at SHAPE. NATO reported earlier this year that its infrastructure came under threat from 500 cyberattacks monthly in 2016. The United States and other NATO states have become increasingly vocal about cyber-attacks launched from Russia, China and Iran, but officials say it remains hard to determine if such attacks stem from government bodies or private groups. In recent events, cyber-attacks have been part of hybrid warfare.
NATO held its annual Locked Shields exercise in April 2018, now in its eighth year. The five-day live-fire drill, led by NATO’s Communications and Information (NCI) agency and NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), simulated an attack on the critical infrastructure of a fictional country, Berylia.
The scenario for the exercise saw virtual country Berylia under attack on multiple fronts by someone who had the resources to coordinate attacks on an ISP and a military air base, along the way disrupting “the electric power grid, 4G public safety networks, drone operation and other critical infrastructure components.”
This is in response to a growing number of cyberattacks that have been part of hybrid warfare. These include the use of ransomware to hold NATO assets at risk, DDoS to interrupt NATO command and control (C2) and interoperability, and physical disabling of electrical power generation and communications, rendering militaries ineffective and, worse, threatening domestic public safety.
Involving as many as 4,000 virtualised systems and more than 2,500 attacks, the real-time defence exercise was designed to enable national cyber defenders to practice the protection of national IT systems and critical infrastructure under the intense pressure of a severe cyberattack. Involving more than 1,000 cybersecurity experts from 30 countries, the drill was a red versus blue scenario.
CCDCOE described it as the world’s “largest and most advanced international live-fire cyber defence exercise”. The ping-ping-ping-pew-pew-pew ran from April 23rd to April 27th, and NATO said it will let participants “practice the entire chain of command” covering civilian and military systems and capabilities. Locked Shields is a scenario-based exercise aimed at helping to train participating security experts in protecting national IT infrastructure.
Techs involved in the exercise were tasked with keeping the notional nation’s networks alive, while “the strategic part should serve as a forum to understand the impact of decisions made at the strategic and policy level”, NATO’s announcement said.
“This year the exercise involved critical infrastructure that our entire modern lifestyle depends upon: power supply, clean water and emergency communications,” says CCDCOE’s Kadri Kütt. “The exercise trains the teams in how to protect unfamiliar environments and to make the right decisions with incomplete information, as computer emergency specialists often have to do in real-life situations.” The exercise addressed areas noted for their particular difficulty, she adds, including protecting unfamiliar specialised systems, writing good situation reports under serious time pressure, detecting and mitigating attacks in large and complex IT environments and well-coordinated teamwork. “In 2018 the exercise highlighted the growing need to enhance dialogue between technical experts and decision-makers.”
Locked Shields offers a unique opportunity for NATO as well as national cyber defenders to test the protection of respective IT systems and critical infrastructure in a safe environment, while being aggressively challenged by world-class opponents. It focuses on realistic and cutting-edge technologies, scenarios, networks and attack methods. CCDCOE integrates the technical and strategic game, enabling participating nations to practice the entire chain of command in the event of a severe cyber incident, from strategic to operational level and involving both civilian and military capabilities.

