As the West braces for Russian cyberattacks amid the war in Ukraine, NATO’s Communication and Information Agency (NCI Agency) is beginning its annual Locked Shields cyber defense simulation.
The wargame, which began on Tuesday in Tallinn, Estonia, will provide technical training to cyber teams from NATO members and allies. The teams will compete against each other in a simulation aimed to help them understand how to best defend their networks and critical infrastructure against cyberattacks.
The annual exercise comes at a time when NATO members are on high alert for Russian cyberattacks targeting critical infrastructure as the war in Ukraine escalates, along with diplomatic and economic sanctions on Moscow.
“Exercises like Locked Shields provide opportunities for both the offense and the defense to hone their skills,” said Michael Daniel, president and CEO at Cyber Threat Alliance.
“Given the war in Ukraine and the threat posed by Russian cyber activities, it’s important for NATO to exercise its cyber capabilities,” he added.
Daniel said that although the timing of the training and the war in Ukraine is a coincidence, the U.S. and NATO have the opportunity to incorporate the latest Russian cyber activities into their exercises so the participants can learn in real time.
James Turgal, vice president of cyber consultancy Optiv, said such exercises are meant to teach and train the participants on how to anticipate the enemy’s thought process and cyber tactics.
“It’s critical to understand where your vulnerabilities are but more importantly how you are going to respond,” Turgal said.
Since the war began, Ukraine has been the target of numerous cyberattacks that targeted its critical infrastructure and government websites. Last week, Ukrainian officials said they successfully prevented a cyberattack intended to disrupt the country’s electrical grid. Government officials said the hackers behind the attack are affiliated with the GRU, Russia’s military agency.
Earlier this month, Microsoft said it had disrupted Russian cyberattacks targeting Ukraine and organizations in the U.S. and the European Union, including media outlets and policy-related institutions. And just last month, a Google report found that Russian-backed hackers tried to penetrate the networks of NATO, U.S.-based nongovernmental organizations and the militaries of several European countries by launching phishing campaigns.
Finland, which is not a NATO member but an ally, was also hit with cyberattacks in early April that temporarily disrupted the country’s government websites, including the foreign and defense ministries. The attack occurred while Ukrainian President Volodymyr Zelensky was addressing the Finnish parliament about Russia’s invasion of his country.
James Lewis, a senior vice president and director with the strategic technologies program at the Center for Strategic and International Studies, said that cyberattacks targeting Estonia in 2007 were a wake-up call for NATO, which subsequently decided to invest more in cybersecurity.
In 2007, Russian-based hackers targeted Estonia with a series of cyberattacks that hit key institutions including its foreign and defense ministries, banks and media outlets. The attack was in response to Estonia’s decision to remove a Soviet war monument from the capital city.
“Locked Shields is one result of the NATO response to 2007, and a big improvement in cyber defense,” Lewis said, adding that “practicing coordination before any attack is crucial.”