Cyber defence on the digital battlefield
Locked Shields is the largest NATO cybersecurity exercise and is currently bringing together IT experts from across the globe. During the exercise, cyberattacks are mounted on simulated computer networks and IT systems of critical infrastructures in real time. Multinational teams comprising military and civilian IT experts and administrators are tasked with fighting off these attacks. Around 3,500 participants from 32 NATO countries — the highest number ever — have risen to this year’s complex challenge, which runs until 26 April. These include researchers from the Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, which is based in Bonn.
The NATO Cooperative Cyber Defence Centre of Excellence CCDCOE, which is based in Tallinn, Estonia, has been organising the Locked Shields event once a year since 2010. Creating near real-life scenarios is central to this two-week large-scale exercise, the stated aim of which is to practise and improve national and international processes and procedures for fighting cyberattacks.
This year, the simulation features an attack by the fictional state of Crimsonia on the also fictional state of Berylia, with NATO going to its rescue. The attacking Red Team working from Tallinn manipulates and attacks the virtual systems in real time. The exercise sees the deployment of the live-fire means and methods that are also used by real enemy forces. The Red Team comprises cyber experts who specialise in infiltrating hostile systems.
Thousands of simulated attacks
On the other side, the defenders on the Blue Team, who mainly work decentrally from their home locations or come together at central locations in participating nations, are globally networked and have to defend their IT systems from thousands of simulated attacks on the entire critical infrastructure — from military networks and energy supplies right up to communication — as well as troubleshoot and restore compromised systems.
In Germany, the national implementation of Locked Shields is in the hands of the Cyber and Information Domain Service, which this year has chosen an exhibition hall on the former nuclear power plant site in Kalkar in the Lower Rhine region as the location for the event. Gathering here are the around 150 participants from federal agencies, the federal police, industry and business who, known as Blue Team 10, are working with soldiers from the Cyber and Information Domain organisational unit on ensuring effective cyber defence. Among the participants are Daniel Baier, Jan-Niclas Hilgert, Martin Lambertz and Daniel Plohmann, scientists from the FKIE Cyber Analysis & Defense (CA&D) research department.
Assistance with attack detection and forensic analysis
For the cyber experts, the NATO exercise is far from being uncharted territory. “We have been assisting the teams with the administration of the networks, attack detection and forensic analysis for a number of years,” says Head of CA&D Prof. Elmar Padilla. He adds that the exercise offers the opportunity to train and optimise one’s own capabilities and processes regarding the defence of national IT systems and critical infrastructure in real time. He also emphasises: “At the same time, it’s also about making a contribution to national security provision in collaboration with all relevant stakeholders.”
For the first time this year, around 50 soldiers from Singapore are also part of the German Blue Team. FKIE Institute Director Prof. Peter Martini is particularly excited about this collaboration. “As part of our close cooperation with the Cyber and Information Domain Service, which we have enjoyed since 2018, this event allows us to rehearse emergency scenarios on the digital battlefield alongside soldiers,” he said during his visit to Kalkar. He added that Fraunhofer FKIE cooperates closely with Singapore and is officially part of the bilateral collaboration between Germany and Singapore in relation to cyber defence. “Cyber exercises such as Locked Shields are an excellent way of pooling resources to confront global threats from the cyber and information domain. As Fraunhofer FKIE, we are delighted to be deploying our exceptional specialists and the tools we have developed to make our contribution in this area.”