NATO Live-Fire Cyber Exercise

Uploaded on 2018-09-04 in NEWS-News Analysis, GOVERNMENT-Defence, FREE TO VIEW

With the cyber domain playing host to increased hostilities, being ready for large and small-scale attacks has rarely been more crucial. NATO’s Locked Shields exercise is one way of ensuring IT infrastructure is always ready.

Cyberattacks and the methods by which the public and private sectors deter and counter them have occupied the headlines with increasing frequency in today’s tech-ladened world. Often we hear of the failures of those entrusted with our personal data, the consequences of seemingly poor cybersecurity management, and the damage to reputation or – worse still – IT infrastructure of public bodies and private organisations alike when a cyberattack was at least partially successful.

However, it’s fair to say that having robust cybersecurity measures in place is a game of cat and mouse. This is something not likely to change, at least for the foreseeable future. The ability to avert and respond to cyberattacks has become a critical government and business concern with the global cybersecurity market estimated to be worth $96bn this year in 2018, an increase of 80% year-on-year according to Gartner.

Defending against state-backed cyber threats

More often than not cyber activity is the domain of criminal gangs interested in making money from their actions. However, today more than ever, state-backed players and even governments themselves have been much more active, with different objectives. Critical infrastructure – financial institutions, power networks, healthcare providers and so on – have all fallen victim.

Russia, Iran and North Korea, among others, have been accused of unashamedly increasing their activity with growing sophistication – although all have and continue to deny the accusations.

Despite that denial, the increased threat led to an unprecedented step taken by the US and UK earlier this year. In April they issued a joint warning about the activities of Russia and the impact they could have on governments, businesses and even personal home networks.

The UK’s National Cyber Security Centre’s chief executive, Ciaran Martin, suggested Russia was trying to access personal routers in homes and small businesses saying this was “a very significant moment as we hold Russia to account and we improve our cyber defences at the same time”.

The statement, which was followed by the Australian government saying it had noted a rise in the number of these sort of attacks, offered technical advice on how individuals could improve their cybersecurity. A British brief read: “Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.”

NATO live-fire exercise

This evolving threat from ‘enemy’ states and criminal organisations alike continues to occupy the thoughts of those wanting to protect IT networks and much as those that rely on them. Just days after the joint US-UK statement, NATO held its annual Locked Shields exercise, now in its eighth year. The five-day live-fire drill, led by NATO’s Communications and Information (NCI) agency and NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), simulated an attack on the critical infrastructure of a fictional country, Berylia.

“Berylia experienced a deteriorating security situation, where a number of hostile events coincided with coordinated cyberattacks against a major civilian internet service provider and a military airbase,” explains CCDCOE Kadri Kütt.

Involving as many as 4,000 virtualised systems and more than 2,500 attacks, the real-time defence exercise was designed to enable national cyber defenders to practice the protection of national IT systems and critical infrastructure under the intense pressure of a severe cyberattack. Involving more than 1,000 cybersecurity experts from 30 countries, the drill was a red versus blue scenario.

Twenty-two blue teams from CCDCOE member states and experts from NATO and the European Union (EU) made up rapid reaction teams deployed to assist in containing and countering a large-scale cyber incident and all its multiple implications. Red teams carried out the attacks intended to cause severe disruptions to the operation of the electric power grids, 4G public safety networks, military drone operations and other critical infrastructure components.

“This year the exercise involved critical infrastructure that our entire modern lifestyle depends upon: power supply, clean water and emergency communications,” says Kütt. “The exercise trains the teams in how to protect unfamiliar environments and to make the right decisions with incomplete information, as computer emergency specialists often have to do in real-life situations.” The exercise addressed areas noted for their particular difficulty, she adds, including protecting unfamiliar specialised systems, writing good situation reports under serious time pressure, detecting and mitigating attacks in large and complex IT environments and well-coordinated teamwork

“In addition to maintaining complex IT systems, blue teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges,” Kütt continues. “To stay abreast of market developments, Locked Shields focuses on realistic and cutting-edge technologies, scenarios, networks and attack methods.”

As well as teams from across member states, NATO and the EU, the private sector played a key role. Among others, Threod Systems provided their drones expertise, Ericsson assisted with 4G public safety networks for law enforcement and emergency, and Siemens assisted with software. “The role of private sector partners is crucial. We cooperate with industry partners that bring specialised capabilities and technologies used all over the world,” says Kütt.

What Locked Shields 2018 revealed

Considering the interdependencies in the cyber realm, nations have to take measures to protect their vital services, critical information infrastructure and military systems, Kütt explains, adding that in the real world, the military cyber domain cannot be separated from the civilian sphere.

“In 2018 the exercise highlighted the growing need to enhance dialogue between technical experts and decision-makers,” she says. “CCDCOE integrated the technical and strategic game, enabling participating nations to practice the entire chain of command in the event of a severe cyber incident involving both civilian and military players.”

According to Kütt the exercise “highlighted the growing need to enhance dialogue between technical experts and decision-makers”.

Locked Shields 2018, the largest and most complex international live-fire cyber defence exercise in the world, was won by the NATO team with France and the Czech Republic taking second and third place, respectively. Although the exercise was a success, Kütt warns the job is never done.

“The systems running our critical infrastructure and military technologies are in constant development, we have to test and drill our resilience and defence on a regular basis,” she says. “Our cyber defenders will never be ready, they have to keep learning and practicing cooperation with like-minded nations on a regular basis.”

Army Technology:      C4ISRNet

You Might Also Read:

NATO Could Go To War In Response To A Cyber Attack

« Cyber Insurance Has Distinctly Risky Characteristics
US Army Upgrades Cyber Protection Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

Macomb-OU Incubator

Macomb-OU Incubator

Macomb-Oakland University Incubator supports startup and emerging companies in the niche industries of defense, homeland security, advanced manufacturing and technology.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

DeVry University - Cyber Security Degree

DeVry University - Cyber Security Degree

Explore the dynamic world of data protection with a hybrid or online cyber security degree specialization with DeVry's IT & Networking Bachelor's Degree.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.