Locked Shields, NATO's annual live-fire cyberdefense exercise, began at the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) in Tallinn on Tuesday. Over two days, more than 2,000 participants from 32 countries are practicing the protection of national IT systems and critical infrastructure under the pressure of a large-scale cyberattack.
"Our center's member nations have designated Locked Shields as the premier annual training event for their top-tier national cyberdefense teams," said CCDCOE Director Col. Jaak Tarien according to a press release, noting that the organization of the exercise is a huge responsibility for the cyberdefense hub.
"Justifiably, the expectation is that, each year, Locked Shields is a cutting-edge, challenging and superbly run world-class event," he continued. "If our member nations send us their absolute best for training, we do not intend to disappoint."
The annual real-time network defense exercise is a unique opportunity for participants to practice the protection of national IT systems and critical infrastructure under the pressure of a severe cyberattack.
In addition to protecting numerous cyber-physical systems, participating teams also have the chance to practice tactical and strategic decision-making, cooperation and chain of command in a crisis situation in which they also have to tackle forensic and legal issues as well as respond to information operations challenges.
According to Carry Kangur, head of cyber exercises at CCDCOE, this year's exercise was able to be planned mostly on-site and less remotely as the COVID-19 situation has eased. Several new partners were introduced as well, making organizing of the entire exercise easier.
According to the scenario, Berylia, a fictional island country located in the northern Atlantic Ocean, is experiencing a deteriorating security situation as there have been a number of coordinated cyberattacks against Berylian military and civilian IT systems. These attacks have caused severe disruptions to the operation of government and military networks, communications, water purification systems and the electric power grid and eventually lead to public unrest and protests.
For the first time, Locked Shields is including the simulation of a reserve management and financial messaging systems of a central bank as well. A 5G Standalone mobile communication platform is also being deployed as part of critical infrastructure, providing cyberdefenders with novel experience in connection with upcoming technological changes.
Teams to fend off more than 8,000 attacks
Locked Shields is a Red Team (RT) vs. Blue Team (BT) exercise with teams formed by member states and partners of the CCDCOE. This year, there are 24 BTs participating with an average of 50 experts on each team. These teams take on the role of national cyber Rapid Reaction Teams deployed to assist a fictional country in handling a large-scale cyber incident with all its implications.
The exercise involves some 5,500 virtualized systems that are subject to more than 8,000 attacks. In addition to securing complex IT systems, participating teams must also be effective in reporting incidents as well as solving forensic, legal, media operations and information warfare challenges.
This year, more than 2,000 participants from 32 nations are slated to participate in Locked Shields 2022. The exercise is organized by the CCDCOE in cooperation with NATO, Siemens, TalTech, Clarified Security, Arctic Security and CR14, with additional contributions by Microsoft, the Financial Service Information Sharing and Analysis Center (FS ISAC, SpaceIT and Fortinet.
Locked Shields began on Tuesday and is scheduled to wrap up on Thursday, April 22.
Editor: Aili Vahtla