NATO’s large, multiday cyber defense exercise is set to bring together technical experts from alliance countries and Ukraine nearly two months after Russia’s invasion.
The annual cyber wargames, known as the Locked Shields exercise, will start Tuesday in Tallinn, Estonia. The North Atlantic Treaty Organization’s Cooperative Cyber Defense Centre of Excellence organizes the event, which includes fictional cyberattack exercises that test teams have to fend off under time pressure.
This year’s competition is significant for the countries participating because their cyber defense units have been on high alert since the outbreak of the war in Ukraine, said Anett Numa, an international policy adviser in the cyber policy unit of Estonia’s ministry of defense.
“Like-minded countries have to work together in order to protect themselves,” Ms. Numa said. Ukrainian and Estonian experts will work on the same team in the exercise, she added.
Finland’s government websites were attacked on April 8 while the government had been discussing joining NATO. Ukrainian government websites were hacked in January while Russian troops gathered around the country’s borders. “Every single political decision can cause an attack,” Ms. Numa said, referring to current discussions in Finland about joining NATO. Estonia also experienced a large-scale cyberattack in 2007.
NATO officials have been discussing various ways the alliance could help Ukraine fend off cyberattacks, and gave the country access to its malware information-sharing platform in January. In February, U.S. deputy national security adviser for cyber and emerging technology Anne Neuberger, traveled to Brussels and Warsaw to discuss Russian cyber threats with officials from NATO, the European Union, Poland and Baltic countries.
The NATO alliance team includes around 30 cyber defenders from different NATO bodies and member countries with specializations such as communications, digital forensics, legal expertise and recovering systems damaged from an attack, said Ian West, chief of the NATO Cyber Security Centre, which defends NATO networks and is a part of the organization’s communications and information agency.
The exercise is useful for cyber defenders from different countries to communicate with each other about attacks on the same technology products that several governments use, Mr. West said. “We all use commercial off-the-shelf systems. We’re all using the same technology and, as we know, many of these technologies come to market and unfortunately they are vulnerable,” he said.
The NATO center organizing Locked Shields doesn’t make details of the simulated cyberattacks public. This year’s exercise will focus on the “interdependencies between national IT systems,” it said in a statement. The wargames don’t draw on elements of the recent cyberattacks in Ukraine because those were too recent, but the exercise generally does include scenarios that occurred in real cyberattacks, Ms. Numa said.
In 2021, more than 2,000 participants took part in a simulation that tested how a country might respond to a large-scale cyberattack on its financial system and keep critical functions running, such as payments.
The benefit of the exercises is that it sets a baseline for participants to measure their cyber defense skills against each other, said Stefan Soesanto, a senior cyber defense researcher at ETH Zurich.
The games also help experts get to know their counterparts in allied countries, he said. “They’re a huge alliance with partners behind them. If things happen, you can rely on them to assist you,” he said.