The importance of the Locked Shields cyber-attack exercise

  • 25 Apr 2022
  • Kieran

NATO’s Cooperative Cyber Defence Centre of Excellence, based in Tallinn, Estonia, has recently completed its annual two-day Locked Shields cyber exercise. The live fire cyber defence exercise is among the largest in the world, involving 2000 participants from 32 nations, and helps train cyber response teams for large-scale attacks.

According to a statement on its website, “the annual real-time network defence exercise is a unique opportunity for cyber defenders to practice protection of national IT systems and critical infrastructure under the pressure of a severe cyberattack.”

This year’s exercise has particular importance as it takes place amid the rising threat of cyber-attacks since the Russian invasion of Ukraine. Indeed, Ukrainian experts participated in Locked Shields 2022 and joined the same team as US cyber defense experts[1]. Adding to its significance, this year’s scenario saw a fictional island country face coordinated cyber-attacks against military and civilian IT systems, causing “severe disruptions to the operation of government and military networks, communications, water purification systems, and the electric power grid.”

Events such as this show the importance of large-scale exercises, especially in the current global situation, and particularly as the host country faced its own cyber-attack last Thursday as the exercise was taking place. Distributed Denial of Service (DDoS) cyber-attacks were reportedly targeting Estonia’s government websites and other state organizations[2], causing a temporary disruption. The country’s Information System Authority, which reported the disruption, were allocated more funding to block this type of attack on its government webpages last week.

Meanwhile, organizations such as Siemens have helped set up the Locked Shields exercise and provide expertise for certain scenarios. According to a previous Locked Shields event[3], Siemens’ support includes providing power grid scenarios for the exercise. However, by participating in an event such as this, the organization also gains insight into new types of cyber-attack and can develop strategies to defend against them. It provides an example of how collaboration between different participants in a large-scale exercise can test and inform each other, resulting in the improvement of cyber resilience for all.




More on
About the author

Kieran Matthews

Content Creator, The BCI