In order to stay relevant and effective, international organizations and alliances must adapt to present-day challenges. While an organization’s broad mandate and purpose will generally stay the same over time, its objectives and instruments are often revised due to the constantly changing state of international relations. A recent development that has substantially altered global affairs is the digital revolution and the subsequent growth of cyberwarfare and cyber-enabled conflicts like information warfare. The increasing presence and complexity of cyber threats have motivated NATO to expand its collective defense system to support cyber resilience through the creation of the Cyber Rapid Reaction team along with information exchange and capacity building programs. One impressive initiative that contributes to cyber resilience is the annual Locked Shields exercise, which is the largest live-fire cyber drill in the world.
Every year, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia invites over 1,000 cyber experts from 30 countries to participate in Locked Shields. The CCDCOE is a NATO-accredited organization whose experts help the centre’s 21 members (18 NATO countries and 3 non-NATO nations) understand and address cyber issues. The Locked Shields exercise consists of a Red Team stationed in Tallinn attacking Blue Teams stationed in their own bases. The latter group must act as rapid response teams and resist the Red Team’s attacks, which target everything from communication networks to infrastructure.
This year, 23 Blue Teams had to defend the fictional island country of Berylia. Another fictional nation – Crimsonia – unleashed cyber attacks on Berylia’s critical infrastructure, harming water purification systems, the electric power grid, communication networks and so on. To top it all off, these attacks took place during Berylia’s national election, which affected public perceptions of the election results. Each team worked on securing over 150 sophisticated information technology systems while communicating with the media and ensuring the legality of their actions. The 2019 NATO team comprised 30 agency experts and 10 volunteers from 6 Allies (Bulgaria, Croatia, Norway, Romania, Slovenia, Turkey). In order to encourage experimentation and not deter teams from trial and error, the conveners only announce the top 3 teams. The NATO team, which won in 2018, was not able to defend its title; this year’s winners were France, the Czech Republic and Sweden.
Locked Shields is an incredibly valuable and useful exercise for many reasons. First, it gives cyber defenders the opportunity to learn, practice and improve important skills such as teamwork and flexibility. Blue Teams must communicate and coordinate with their own team members and with other teams across the world. Moreover, participants must familiarize themselves with the technical and non-technical aspects of cybersecurity, which involve public affairs, computer systems, law and psychology. Second, Blue Teams gain experience confronting realistic cyber incidents that mirror attacks that have already taken place (and will continue to do so). One of the key motivations behind the establishment of CCDCOE was the massive cyber attack on Estonia in 2007, which took down websites of multiple banks, media outlets and government bodies. More recent incidents have included the December 2015 attack on Ukraine’s power grid that caused blackouts across the country, the WannaCry ransomware attacks of 2017, the NotPetya attacks that took place the same year (whose damage cost over $10 billion to remedy), and the hacks that targeted political parties in the US, Germany and France. Cyber attacks can have dire consequences; NATO allies must be well equipped to prevent and fight them.
The third benefit of Locked Shields comes from its integration of the private sector. The Red Team contains experts from various private firms that support the exercise, like Siemens AG and Cisco. Participating in the design and execution of Locked Shields allows these companies to improve their own services and systems. The exercise also helps them make connections with the public sector. Finally – and perhaps most importantly – Locked Shields demonstrates the importance of collaboration between NATO Allies and reaffirms that the transnational nature of technology makes cybersecurity a collective task. Working with technical, civilian and military experts from around the world to achieve a common goal makes countries more willing to support international cooperation on cyber challenges. This is evident in the many recent NATO initiatives that have gained momentum, like the establishment of the Cybersecurity Collaboration Hub and the Cyberspace Operations Center. Both of these projects will improve the coordination of Allies’ cyber capabilities and encourage collaboration on research, development and problem-solving. Locked Shield is a unique exercise that demonstrates the triumphs NATO allies can achieve when they work together and helps nations increase their ability to face emerging challenges with confidence.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.