Two NATO events this week highlight the proliferation of malicious cyber/hybrid attacks, the importance of preparing and responding to attacks—and the criticality for a nation’s vital networks and civil infrastructure to remain resilient under attack.
Locked Shields 2019
In Europe, a team of nearly 40 cyber security experts, led by the NATO Communications and Information Agency (NCIA), will compete in Locked Shields 2019, April 9 – 12. Called the world’s largest live-fire cyber exercise, according to a NATO release, the NATO team, which won the competition in 2018, is strengthened this year with 10 volunteers from six NATO Allies: Bulgaria, Croatia, Norway, Romania, Slovenia and Turkey.
More than 1,000 international cyber defenders and decision-makers are expected to take part in Locked Shields 2019, NATO said. Organized by the NATO Cooperative Cyber Defence Centre of Excellence in Estonia, the event uses a game-based approach, enabling participants to take on roles in fictional response teams. The goal is to assess a crisis situation, maintain services and defend networks that have fallen victim to cyber-attacks.
During the several-day exercise, the NATO team will act as a Blue Team protecting networks, according to a NCIA release.
In an intricately detailed fictional scenario, the island country Berylia is experiencing a deteriorating security situation. This falls at a critical time for Berylia as the country is conducting national elections. Several hostile events coincide with coordinated cyber-attacks against major civilian information and communications technology (ICT) systems. The attacks cause severe disruptions in the operation of water purification systems, the electric power grid, 4G public safety networks, and other critical infrastructure components. The cyber-attacks also effect the nation’s perception of election results, leading to public unrest.
NATO's Blue Teams can expect quite a few vulnerabilities in the systems they must protect. They will have limited access to the environment before the exercise, so they will have to quickly assess the situation once Locked Shields begins.
The exercise takes place in a lab environment, so no operational networks will be used.
Preparing for this exercise was a two-way mentoring effort, where the experts learned from the NCIA, and the Agency learned from them. Forming this team was another way for the NCIA to strengthen the community of cybersecurity experts it is building under its Cyber Security Collaboration Hub initiative.
The NCIA took the first step to launch the Hub Feb. 12, 2019. Allied Computer Emergency Response Teams from five nations – Belgium, France, Netherlands, United Kingdom and United States – were connected then to NATO's protected business network.
This pilot program will allow nations to quickly and securely share information with each other, and with the NCIA.
Access to the network, which provides an encrypted workspace with secure video, voice, chat and information gathering, will roll out to all 29 Allied nations later this year, NCIA said.
Cyber exercises like Locked Shields are valuable opportunities for national and NATO cyber-experts to realistically practice protecting their IT systems and critical infrastructure against severe cyber-attacks. The training also promotes understanding and cooperation between civilian and military experts and decision-makers involved in responding to cyber-threats resulting in the loss of civil services and the military’s ability to assist.
Stateside, the NATO Supreme Allied Commander Transformation, French Air Force General Andre Lanata, is bringing together NATO leaders, policymakers and experts from government, civil and private organizations at the Resilience Conference in Norfolk, Virginia, April 9 – 10. The Conference will be co-hosted by the Mayor of the City of Norfolk. The aim of the conference is to increase understanding for civilian/military cooperation in preparing for hybrid/counterterrorism events.
ACT defines resilience as: a society’s ability to resist and recover easily and quickly from crises; combining civilian, economic, commercial and military elements. According to ACT, the conference discussions will focus on a fictitious scenario with the aim of fostering the sharing of best practices between the various stakeholders, and will explore how NATO can support nations in building collective resilience.
The conference will help to build a persistent trans-Atlantic resilience capacity which will greatly support, shape and inform other ongoing Allied Commander Transformation’s work strands, like military mobility, collaborative resilience, urbanization as well as the wider work on smart cities, autonomy, internet of things and disruptive technologies.
Allied Command Transformation’s mission is to contribute to preserving the peace, security and territorial integrity of Alliance member states by leading the warfare development of military structures, forces, capabilities and doctrines. ACT’s mission must enable NATO to meet its level of ambition and core missions.