Nato defends against coordinated cyber-attack during elections in LockedShields live-fire exercise

News by SC Staff

Locked Shields 2019, the annual NATO CCDCOE live-fire cyber exercise got underway today in Tallinn, Estonia, simulating an attack on vital services and critical infrastructure of a fictional island country, Berylia.

Locked Shields 2019, the annual NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) live-fire cyber exercise is underway until 12 April in Tallinn, Estonia, simulating an attack on vital services and critical infrastructure of a fictional island country, Berylia.

It aims to highlight the increased need for a better functional understanding between various experts and decision-making levels. The organisers intend to integrate the technical and strategic game, enabling participating nations to practice the entire chain of command in the event of a severe cyber-incident, from strategic to operational level and involving both civilian and military capabilities.

The scenario entails Berylia experiencing a deteriorating security situation while the country conducts national elections. Various hostile events coincide with coordinated cyber-attacks against major civilian ITC systems. The attacks cause severe disruptions in the operation of water purification systems, the electric power grid, 4G public safety networks, maritime awareness capability and other critical infrastructure components. The cyber-attacks also effect national perceptions of the election results, leading to public unrest.

Participants train as national cyber rapid reaction teams that are deployed to assist Berylia in handling a large-scale cyber-incident. While the aim of the tech game is to maintain the operation of various systems under intense pressure, the strategic part addresses the capability to understand national coordination mechanisms, law enforcement options and strategic communication.

Locked Shields 2019 is organised by CCDCOE in cooperation with the Estonian Defence Forces, the Finnish Defence Forces, the United States European Command, National Security Research Institute of the Republic of Korea and TalTech. Industry partners in the exercise include Siemens AG, Elisa, Cybernetica, Cisco, VTT Technical Research Centre of Finland Ltd, Arctic Security, Clarified Security, Iptron, Bytelife, BHC Laboratory, Bolt and many others. More than 1,000 international cyber security experts and decision makers will participate in the exercise

After winning last year's competition, the NCI Agency decided it would contribute its expertise this year by forming a team of nearly 40 cyber security experts comprising both Agency experts as well as representatives from several NATO Nations. NCI Agency’s team has 10 members from six Nations to be part of a united NATO team. Six Nations –Turkey, Norway, Croatia, Romania, Bulgaria and Slovenia. During the several-day exercise, the NATO team will act as a Blue Team protecting networks. Their goal is to assess the situation, maintain availability of services and defend networks that have fallen victim to cyber-attacks.

Blue Teams such as NATO’s can expect to notice quite a few vulnerabilities in the systems they must protect. They will have limited access to the environment before the exercise, so they will have to quickly assess the situation once Locked Shields begins.
The exercise takes place in a lab environment, so no production networks are used.

In a press statement, Nato NCIA says, "Preparing for this exercise was a two-way mentoring effort, where the experts learned from the Agency, and the Agency learned from them. Forming this team was another way for Agency to strengthen the community of cyber-security experts it is building under its Cyber Security Collaboration Hub initiative."

The Agency took the first step to launch the Hub on 12 February 2019. Allied Computer Emergency Response Teams from five Nations – Belgium, France, Netherlands, United Kingdom, and United States -- were connected then to NATO's protected business network.

This pilot programme will allow Nations to quickly and securely share information with each other, and with the Agency. Access to the network, which provides an encrypted workspace with secure video, voice, chat and information gathering, will roll out to all 29 Nations later this year.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews