NATO completed the world’s largest cyber exercise on April 27, with officials building in more complex tests to assess member nations’ ability to defend and share information on threats directed at critical infrastructure.
The Locked Shield exercise in Estonia, organized by NATO’s Cooperative Cyber Defence Centre of Excellence (CCD COE), featured 22 member nation teams and industry partners working to defend against simulated cyber attacks on power grids and military installations.
“We really emphasized the importance of protecting critical infrastructure. Over the past three years, we’ve gotten more requests to provide training exercises on how important it is to be able to defend your critical infrastructure,” Commander Michael Widmann, CCD COE strategy branch chief and lead official for the cyber exercise, told sister publication Defense Daily.
NATO officials looked to make the 2018 exercise more complex to simulate growing cyber threats from malicious nation-state actors with increasing potential to take down grid infrastructure.
“The exercise encompassed approximately 4,000 virtual systems and more than 2,500 attacks. In addition, each team had to maintain more than 150 difficult IT systems, blue teams had to report incidents, make strategic decisions and solve challenges concerning external communication, the legal field and media” Aare Reintam, a NATO official and exercise organizer, said in a statement.
Teams were tasked with maintaining system integrity while hostile actors directed attacks on electrical power grids, 4G networks, military drone systems and water infrastructure.
Member-nation participants in Locked Shield included U.S. European Command, Estonian Defence Forces, Finnish Defence Forces, and the British Joint Army.
A strategic decision-making component was added to the 2018 exercise on the suggestion of top leadership from NATO’s member nations, with the intention of assessing teams’ ability to best act on information sharing opportunities.
“In the scenario, [teams] would have to decide the decision-making calls as far as who do we give information to, what partners do we share this information with. We’ve gotten a lot more complex by integrating this technical piece into the decision-making piece,” Widmann said.
Industry participants were called on to simulate critical infrastructure partners who would be most involved in facilitating threat information with government officials.
“Each year we want to make that exercise a little more complicated. Industry is pretty happy to help us. When we get a chance to cooperate with these companies, they give us the opportunity to train people who will be defending those systems,” Widmann said.
Germany’s Siemens AG, Sweden’s Ericsson, Finland’s Bittium and Goodmill and Estonia’s Threod Systems and Bytelife were among the international private sector participants in the latest exercise.
Widmann said the overall assessment was that member-nations’ military systems have improved defense protocols and cyber hygiene. NATO officials added more human factor tests to the 2018 exercise to make sure teams were fully aware of threats even they assume their system is secure.
“The hygiene, especially for military systems, is pretty high. One of the things that we do just to move the game along as well is we use simulators and introduce spear phishing or malware,” Widmann said. “We stack the deck against the blue teams just to see how they react. We want to see if they lose some control, and can they get their system back.”
The team comprised of NATO experts won the exercise, followed by France and the Czech Republic in second and third place respectively.
“The winning team excelled in all categories of the exercise. This was the first time for NATO to participate in the exercise with a team that was made up of representatives of the alliance’s various agencies,” Reintam said in a statement. “Nevertheless, all teams that participated deserve recognition for fulfilling the tasks given in the exercise.”
Locked Shield wraps up just as NATO CCD COE plans to grow with Portugal becoming a member on April 24 and Australia announcing its intention to join the center on April 23.