Amaliah Reiskind Cyber Security and Emerging Threats

Cyber Drill Locked Shields: More Relevant Now Than Ever

Last month NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) wrapped up another successful cyber-defence training exercise. Locked Shields is the world’s largest live-fire cyber drill and has been organized by NATO’s CCDCOE every spring since 2010. In 2018 almost 30 countries, including a NATO contingent, competed in the weeklong event. This was the first year NATO’s participating team consisted of representatives from different internal agencies, and, perhaps tellingly, they were awarded the highest marks.


Locked Shields’ real-time operation was created to hone cyber defence coordination within national teams and between Allies. As such, this is an important exercise as it allows for communication between policy makers and experts, both in the public and private sector, and is integral to keeping rapidly of constantly shifting cyber attack vectors.


The exercise tests teams’ abilities by having them act as defending “blue teams” against a barrage of attacks on a simulated target. To successfully keep their networks functioning and avoid catastrophe participants must work as complete chains of command; they must share information effectively in order to safeguard their virtual critical infrastructure and IT systems. Locked Shields adds an extra degree of realness by also requiring teams to work closely with other nations defence teams. This is important as digital infrastructure is connected beyond borders and therefore many emerging cyber security policies stress collaboration with other countries.


Locked Shields 2018 presented teams with the fabricated City of Berylia. In the simulation the city faced dangerous disruptions to their power grid and infrastructure. Organized cyber and kinetic attacks targeted a major Internet service provider (ISP) and nearby military airbase. Teams had to maintain operability while managing the crisis: performing digital forensic tasks, responding to scenario injects, reporting incidents, and making strategic decisions and communications. The attacks were high-intensity and over 4,000 virtualized systems were involved, ensuring that the experts who participated were sufficiently put through their paces. The choice to involve civilian critical infrastructure as a target is reflective of the increase in attacks on power grids and other vulnerable public networks over the last couple of years. This shift in incidents again highlights the need for cooperation between private and public sectors in order to ensure that cyber defence teams are prepared to tackle evolving threat landscapes.


Cyberspace was established as a new frontier for defence operations for NATO during the 2014 Summit in Wales. However legitimate codes of conducts or norms have yet to be established for the cyber domain. As such there has been a continuous growth of attacks testing where the proverbial red line is. This has meant that states are seeing more and more cyber incidents regarding their critical civilian infrastructure; whether in full out attacks like what happened in Ukraine in 2017 or through cyber espionage.


While Allied countries are responsible for their own cyber security, NATO has pledged to be on the frontline of cyber defence. NATO’s cyber experts monitor daily threats and work with governments to continuously evolve defence competencies. The organization is continuously working to increase their cyber operations, whether through the NATO Industry Cyber Partnership, the NATO Communications and Information Agency, the aforementioned NATO Cooperative Cyber Defence Centre of Excellence, or the upcoming NCI IT Academy in Portugal.


As cyber defence strategies continue to become an integral component to security capabilities, drills such as Locked Shields appreciate in value. NATO’s decision to submit a team compiled of its different facilities demonstrates their understanding that silo systems are the Achilles heel to effective cyber security strategies. Being able to effectively communicate threats and strategies to allies is what is needed to create a vanguard against increasingly proficient attackers. As such Locked Shields will likely continue to grow in value, size, and complexity in step with the cyber defence landscape.


Photo: A visual depiction of hacker. Via Max Pixel. Public Domain. CC0 Creative Commons License.

Disclaimer: Any views or opinions expressed in articles are solely those of the
authors and do not necessarily represent the views of the NATO Association of

Amaliah Reiskind
Amaliah Reiskind is a Program Editor at the NATO Association of Canada. Last year she completed her post-graduate studies in Global Security at the University of Glasgow. During her studies she focused predominately on emerging cyber security issues, knowledge she further augmented with enterprise cyber security classes at the University of Toronto School of Continuing Education. She holds a Bachelor's of Commerce from Ryerson University, which she used to build international experience, working with firms with interests in South East Asia. Amaliah briefly taught English as a Second Language in South Korea and on her return worked closely with the Embassy of the Republic of Korea to Canada to build a network for new and returning ESL teachers.