There’s an old saying that goes like this: “How do you get to Carnegie Hall? Practice, practice, practice.” The humor is based on misdirection, but the advice is still solid: To become a world-class musician who plays at famous venues, you must practice relentlessly. Of course, this recommendation can be applied to any human endeavor like, say, cybersecurity.
Nation-states and organizations can have all the best-of-breed, state-of-the-art cybersecurity solutions, but unless their teams practice deploying and employing them and partake in cyberthreat drills, they could have sub-optimal results—including high-profile security failures—in a real-life attack. I’m trying to avoid using the cliché “practice makes perfect” because in cybersecurity there is no such thing as perfection, but the point is that repeated practice is vital for successful cyber defense.
Fortinet is honored to assist Exercise Locked Shields, which is “the largest and most complex international live-fire cyber-defense exercise in the world.” In other words, Exercise Locked Shields is a cyberwar games event and a unique opportunity for cybersecurity professionals to practice defending national IT systems and critical infrastructure under the pressure of a severe cyberattack.
Exercise Locked Shields is conducted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). This cyberwarfare drill is not a new initiative. It’s been occurring annually every spring since 2010. Locked Shields takes six months of planning between the CCDCOE, industry partners like Fortinet, and participating nations. This year, over 2,000 cybersecurity experts from 32 countries participated in Locked Shields.
Fortinet has been a NATO NICP (NATO Industry Cyber Partnership) member since 2016, focused on collaborative information sharing, so it has been exciting to see this relationship evolve through different pathways.
Exercise Locked Shields consists of Red Teams (RTs) on offense versus Blue Teams (BTs) on defense. These teams are always made up of experts from the member nations and partners of CCDCOE. This year, there were 24 BTs with an average of 50 participants on each team. The Blues took on the role of national cybersecurity rapid responders who were deployed to help a fictional country under a large-scale cyberattack.
Locked Shields events always use realistic scenarios, cutting-edge technologies, and complex networks. And the RTs use diverse attack methods to keep pace with the advancement of technology. The virtual networks are custom-built and include various services and platforms to emulate both civilian and military systems. All this is done to provide an experience that accurately imitates a real-world cyber intrusion.
It’s a great help to nations participating in this annual exercise because it offers an unprecedented opportunity to test their cyber-defense skills in a safe environment while being aggressively challenged by a highly skilled adversary. During Locked Shields 2022, roughly 5,500 virtual systems were attacked in more than 8,016 different ways. That’s a lot of practice!
In addition to securing complex IT systems, the BTs needed to be effective in reporting incidents; strategic decision-making; and solving forensic, legal, media, and information operations challenges.
Exercise Locked Shields is just like military exercises that take place in different settings with different scenarios. It’s similar to what the U.S. Marines do when they practice fighting in cold weather and snow, and then in a desert, and then in a jungle. This annual exercise is the same concept for cybersecurity professionals, where defenders are practicing in many different scenarios.
The recent disruptions from the global COVID-19 pandemic and the broader heightened cyber environment are excellent examples that support the importance of having collaborative cyberwarfare exercises like Locked Shields. The world has now become more interdependent and relies more than ever on virtual solutions to ensure continuity of societal functions.
A side effect of these developments is that the attack surface has greatly increased and requires effective collaboration between government and private-sector organizations to ensure the systems we all rely on are properly defended.
Another reason these collaborative cyberwarfare games are important is their unique ability to bring together countries, educational entities, NGOs, international organizations, and businesses. According to the CCDCOE, the number of participants in this year’s Locked Shields drills surpassed previous exercises. The benefits that come from this event include increased cooperation within the international cybersecurity community; the sharing of vital cyberattack data; and the camaraderie that comes from common experiences among like-minded nation-states and individuals.
Fortinet is an active participant in Locked Shields for both altruistic and self-serving reasons. Our mission statement is to secure people, devices, and data everywhere. So, when there is any opportunity to help make the digital world more trusted and safer, we are happy to be involved.
State and local governments as well as small businesses also need to have drills, though on a smaller scale, to build up their knowledge, capabilities, and confidence in how to proceed in the event of a cyberattack. That’s why these exercises are done. We need people to come together and think about how best to respond to different scenarios and their effects on different entities.