Defending Cyberspace

NATO countries simulate cyber attacks to boost capabilities


In April 2007, Russian hackers incapacitated Estonia’s internet with distributed denial of service attacks aimed at government and financial institutions. In August 2008, Georgia, another former subject state of the now-defunct Soviet empire, was hit by similar attacks during an arms invasion by Russian conventional forces. This was the first time cyber attacks were used in coordination with an armed attack as Russia introduced its new “hybrid” warfare model. In March 2014, Russia used similar tactics, but magnitudes greater, when its armed forces seized control of Crimea from Ukraine. And in June 2017, the NotPetya malware attack, which the United States and United Kingdom have attributed to Russia, shut down airports, energy grids, banks and government services in Ukraine.

These are just a few examples of how Russia has used cyber attacks to further its national interests or punish its neighbors for perceived offenses. Other adversarial nations, including the People’s Republic of China, North Korea and Iran, have been described as cyber aggressors by U.S. intelligence and security officials. Russia and other adversaries have been working furiously to hack secure government and military networks of numerous Western countries, including the much-publicized efforts to interfere in American elections, and have been attempting to access Western critical infrastructure networks, such as electrical grids. 

In an increasingly digital world, almost every facet of life is connected to networked information systems. More than ever, a robust cyber defense is crucial to defending national critical infrastructure of all types — energy, financial, governmental and military — in wartime and peacetime. Countries such as Estonia and its Baltic neighbors, having already been targeted by Russian cyber attacks, are intimately aware of the threat and are preparing for the worst.

Russian soldiers without identifying insignia block a road to a Ukrainian military airfield near Sevastopol in Crimea. Russia used massive cyber attacks as part of a hybrid warfare strategy to occupy and annex the Ukrainian territory. AFP/GETTY IMAGES

This is why NATO conducts exercises such as Locked Shields 2019, which was held in late April 2019 at the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. It was the largest live-fire cyber exercise hosted by the CCDCOE, incorporating more than 1,200 cyber experts from 30 nations, some in Tallinn and others participating remotely through secure connections from their home countries. 

The exercise focused on the fictional country of Berylia, which was experiencing coordinated cyber attacks against a major civilian internet provider and a maritime surveillance system. The attacks disrupted power distribution, 4G communications systems, a water purification system and other critical infrastructure components.

The exercise was designed using the evolving threat landscape and previous years’ lessons, addressing areas that have been the most challenging, according to the CCDCOE. It highlighted the “need for improved dialogue between experts and decision-makers,” the CCDCOE said on its website. “For that purpose, the CCDCOE integrated the technical and strategic game, enabling participating nations to practice the entire chain of command in the event of a severe cyber incident, from strategic to operational level and involving both civilian and military capabilities.”

The French team emerged as the winner of Locked Shields 2019, which the organizers touted as a success. “Locked Shields is a unique opportunity to encourage experimentation, training and cooperation between members of the CCDCOE, NATO and partner nations,” the CCDCOE stated. “It offers an unprecedented opportunity for nations to challenge themselves in an authentic but safe training environment while being aggressively challenged by highly skilled adversaries.”

A convoy of Russian troops makes its way through the mountains in the direction of Georgia on August 16, 2008. Russia used cyber attacks in coordination with conventional arms when it invaded Georgia. AFP/GETTY IMAGES

NATO designated cyber defense as part of its core task of collective defense at the 2014 Wales summit, meaning that a cyber attack can trigger an Article 5 response by the alliance. Article 5 is NATO’s collective defense mandate, which states than an attack on one NATO country is an attack on all. In 2016, NATO put cyberspace on par with land, sea and air domains, making cyber an integral part of NATO operations in all theaters and enabling more focus on training and military planning.

The NATO Computer Incident Response Capability, including its rapid reaction teams, is central to the alliance’s efforts to defend its own networks. These resources are also available to help member nations protect their networks. NATO also helps members through information sharing and best practices. The CCDCOE is NATO’s go-to resource on research, education and training in the cyber realm.

Locked Shields 2019 demonstrated the capabilities of the alliance’s cyber warriors and helped them improve in their mission to protect critical systems. However, there is no time for complacency. “Cyber attacks can be as damaging as conventional attacks,” NATO Secretary-General Jens Stoltenberg said in a speech at the Cyber Defence Pledge Conference in Paris in May 2019. “A single attack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyze our critical infrastructure, undermine our democracies and have crippling impact on military capabilities. Cyber attacks are becoming more frequent, more complex and more destructive — from low-level attempts to technologically sophisticated attacks. They come from states and nonstate actors, from close to home and from very far away. And, they affect each and every one of us.”