The largest and most complex international live-fire cyber defence exercise in the world, Locked Shields 2021 organised by NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) takes place this week. The exercise includes new cyber-physical systems and integrates technical and strategic elements, enabling participating nations to practise the entire chain of command in solving a large-scale a cyber incident. This year is unique from other iterations of Locked Shields in that for the first time the organisers will also be participating remotely rather than gathering in Tallinn as they have done in previous years.
“The need for such unique collaborations as Locked Shields has become more critical than ever – during the pandemic we have witnessed a growing trend of remote working, dependence on virtual systems and also a rise in the number and scope of cyber attacks. This exercise enables participating nations to practice solving cyber incidents in the most complex and intense playground possible,” said Col Jaak Tarien, Director of the NATO-accredited cyber defence hub. “Locked Shields underlines the need for various experts to share expertise and work in close cooperation for the most effective cyber defence solutions,” added Col Tarien.
According to Carry Kangur, Head of Cyber Exercises at CCDCOE, the exercise this year has reached the highest level of organisational complexity in the history of the Exercise: “Reflecting real world cyber threats, the Exercise will address the protection of vital services and critical infrastructure that are fundamental for modern societies to operate. These include critical information infrastructure, power and water supply and national defence systems with LS21 introducing several new systems with enhanced capabilities. For example, for the first time the Exercise involves a satellite mission control systems needed to provide real time Situational Awareness to aid military decision making.”
The annual real-time network defence exercise is a unique opportunity for national cyber defenders to practise protection of national IT systems and critical infrastructure under the pressure of a severe cyberattack.
According to the scenario, a fictional island country located in the northern Atlantic Ocean, Berylia, is experiencing a deteriorating security situation. A number of hostile events have coincided with coordinated cyberattacks against Berylian major military and civilian Information Technology systems. These attacks cause severe disruptions to the operation of military air defence, satellite mission control, water purification and the electric power grid. In addition, within the strategic track element of the exercise participants have to contend with major disruptions to the financial system.
Locked Shields is a Red team vs. Blue Team exercise, where the latter are formed by member nations of CCDCOE. The participating Blue Teams play the role of national cyber Rapid Reaction Teams that are deployed to assist a fictional country in handling large-scale cyber incidents and all their multiple implications. In addition to maintaining nearly 5000 virtualised systems while experiencing more than 4000 attacks, the teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges.
Locked Shields 2021 is organised by CCDCOE in cooperation with NATO Communications and Information Agency, the Estonian Ministry of Defence, the Estonian Defence Forces, Siemens, Ericsson, TalTech, Foundation CR14, Bittium, Clarified Security, Arctic Security, Cisco, Stamus Networks, SpaceIT, Sentinel, the Financial Service Information Sharing and Analysis Center (FS-ISAC), US Defense Innovation Unit, Microsoft, Atech, Avibras, SUTD iTrust Singapore, The European Centre of Excellence for Countering Hybrid Threats, NATO Strategic Communications Centre of Excellence, European Defence Agency, Space ISAC, the US Federal Bureau of Investigation (FBI), STM, VTT Technical Research Centre of Finland Ltd, NATO M&S COE and PaloAlto networks.