Is it possible to be fully prepared for cyber attacks? It's practically impossible. But NATO's large-scale exercise Locked Shields simulates a realistic scenario with problems and a context that are very close to reality. More than 4,000 people from no fewer than 41 different countries took part in this training exercise. The Centre for Cybersecurity Belgium (CCB) was invited by the Belgian Defence Cyber Command to be part of the team. Belgium, Latvia and Luxembourg formed a blue team of 260 people who were subjected to cyber attacks for four days. This enabled them to further optimise the various cyber capabilities available to the Cyber Command of the SGRS.
‘The exercise requires months of preparation. Even so, we cannot be ready for what awaits us in the coming days,’ said one of the participants at the start of the exercise. During Locked Shields, organised by NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE), different teams around the world are simultaneously subjected to a large-scale cyberattack.
Seventeen blue teams were tasked with protecting a fictional country, ‘Berylia,’ from realistic cyber attacks carried out by the red team. The more a blue team defends ‘Berylia,’ the more points it earns. There are also green, yellow, and white teams, which are neutral teams responsible for developing the scenario and simulating normal network use.
The international Belgium-Luxembourg-Latvia blue team came fourth out of 17 blue teams. This is an impressive achievement, given the difficulty of the exercise. After the exercise, one participant proudly said: ‘Our team performed really well. I saw the team and myself improve during the exercise and we were also able to develop some great partnerships. Locked Shields 2025 was therefore a resounding success!’
‘Train as you fight’
We are hearing more and more about cyber attacks targeting critical systems. Examples include energy distribution, satellite communications and 5G. These systems must remain operational and user access must be maintained during attacks. A member of the reporting team explains that this requires a great deal of coordination: ‘Our own blue team consists of 19 sub-teams to control everything. We have teams that identify the source of attacks and fight them, others that monitor, draft legal opinions, follow the media and much more. Communication between the different teams is crucial, but it's also the biggest challenge to overcome in order to be successful.’
Participants gain experience in how to respond in a war situation and how quickly they need to react and make decisions. Everyone is pushed to their limits, which is what makes Locked Shields so interesting.
‘For me, it's important that participants not only gain knowledge and expertise to deal with these kinds of situations in the future, but also that they meet colleagues, expand their network and thus lay the foundations for long-lasting collaborations and partnerships across borders,’ says one of the organisers.