Nato is investing heavily into its cyber-defence capabilities

Nato drill underlines growing cyber-security concerns

Nato has run the largest international cyber manoeuvre in the history, underlining the growing importance of cyber warfare in modern-day security.

With more than 300 participants and teams from 17 nations, the exercise, named Locked Shields, took place in late March but has only been revealed this week.

In a fake cyber-attack scenario, teams from Estonia, Finland, Italy, Spain, Germany, Holland, Turkey, Poland, Latvia, the Czech Republic, Hungary, France, Austria and Lithuania together with Nato’s international cyber-response unit had to ward off unknown attackers defacing websites and spreading infected emails.

The participants, simulated cyber-defenders of a fictional nation called Berylia, were facing a 50-strong team of computer experts simulating a heavy and sophisticated cyber-attack.  

As the situation worsened, the teams had to abandon some networks - including a major public facing website - to protect the networks that kept vital data and industrial systems running in the research centre they were defending.

"It was very challenging," said Ragnar Rattas, who runs the critical infrastructure protection team at the Estonian Information System Authority. "They were very sophisticated attacks. There were times when you just wanted to close the computer and walk away."

The goal was for the defenders to uncover the identity of the attackers – in this case, the attack was launched by a rival fictional country Crimsonia.

The game was a part of a wider initiative of Nato to test and boost its cyber-defence capabilities.

In the last years, the number of cyber-attacks launched by various criminal groups or sponsored by states has risen exponentially. Private companies and their intellectual property are a frequent target as well as critical infrastructure, political opponents or defence capabilities of rival states.

Major cyber powers such as the United States and Britain conduct their own exercises,  including use of their own highly classified offensive cyber weaponry to attack enemy systems.

Defensive simulations such as the NATO drill, however, are particularly useful for smaller states.

In November 2013, the Bank of England coordinated "Exercise Waking Shark 2", a test of the British banking system when attacked by a foreign nation that wiped data from computers.

The United States and China, those involved in discussions say, have even experimented with basic tabletop war games and scenario planning to examine how they might work together to contain dangerous malware neither state was responsible for. Such semi-formal discussions - which had engaged current and former officials from both nations - may now be on hold due to the intensifying dispute over cyber espionage between the two countries. 

"Cyber exercises have really come into their own," said Jim Lewis, a former US foreign service officer and now senior fellow at the Centre for Strategic and International Studies in Washington.

"A few years ago, they were purely technical. Now they involve policy specialists too and are on a whole different level."

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them