NATO’s Communication and Information Agency (NCI Agency) is starting its annual Locked Shields cyber defense simulation as the West prepares for Russian cyberattacks amid the war in Ukraine.
The wargame, which began on Tuesday in Tallinn, Estonia, will provide cyber teams from NATO members and allies with technical training. In a simulation, the teams will compete against each other to learn how to best defend their networks and critical infrastructure against cyberattacks.
As the war in Ukraine escalates, NATO members are on high alert for Russian cyberattacks targeting critical infrastructure, as well as diplomatic and economic sanctions against Moscow. “Exercises like Locked Shields give both the offense and defense a chance to sharpen their skills,” said Michael Daniel, president and CEO of Cyber Threat Alliance.
“Given the conflict in Ukraine and the threat posed by Russian cyber activities,” he added, “it’s critical for NATO to exercise its cyber capabilities.”
Although the training and the war in Ukraine happen at the same time, Daniel says the US and NATO have the opportunity to incorporate the latest Russian cyber activities into their exercises so that participants can learn in real time.
Such exercises are intended to teach and train participants on how to anticipate the enemy’s thought process and cyber tactics, according to James Turgal, vice president of cyber consultancy Optiv. “It’s critical to understand where your vulnerabilities are but more importantly how you are going to respond,” Turgal said.
Ukraine has been the target of numerous cyberattacks aimed at its critical infrastructure and government websites since the war began. Ukrainian officials announced last week that they had successfully thwarted a cyberattack aimed at disrupting the country’s electrical grid. According to government officials, the hackers behind the attack are linked to Russia’s military intelligence agency, the GRU.
Microsoft announced earlier this month that Russian cyberattacks targeting Ukraine and organizations in the United States and the European Union, including media outlets and policy-related institutions, had been disrupted. Last month, a Google report revealed that Russian-backed hackers used phishing campaigns to try to breach the networks of NATO, US-based nongovernmental organizations, and the militaries of several European countries.
In early April, cyberattacks targeted Finland’s government websites, including the foreign and defense ministries, which were temporarily disrupted. Finland is a non-NATO member but an ally. While Ukrainian President Volodymyr Zelensky was speaking to the Finnish parliament about Russia’s invasion of his country, the attack occurred.
According to James Lewis, a senior vice president and director with the Center for Strategic and International Studies’ strategic technologies program, cyberattacks on Estonia in 2007 served as a wake-up call for NATO, which decided to invest more in cybersecurity as a result.
Estonia was the target of a series of cyberattacks by Russian-based hackers in 2007, which targeted key institutions such as the foreign and defense ministries, banks, and media outlets. The attack was in response to Estonia’s decision to remove a Soviet war monument from the capital city.
“Locked Shields is one result of the NATO response to 2007, and a big improvement in cyber defense,” Lewis said, adding that “practicing coordination before any attack is crucial.”