Fortinet has once again had the honor of contributing to NATO's annual Exercise Locked Shields, a premier cyber warfare event known as the world's largest and most intricate international live-fire cyber-defense exercise.

Hosted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), this cyber-warfare exercise has been a recurring event since 2010. It is designed to help cybersecurity professionals from allied nations elevate their cyber-warfare expertise and exchange optimal strategies for safeguarding their national IT systems and critical infrastructure during live cyberattacks. Emphasizing real-world scenarios, state-of-the-art technologies, and comprehensive simulation of sophisticated cyber incidents, this exercise encompasses strategic decision-making, legal considerations, and effective communication protocols.

The mission of NATO CCDCOE is to enhance the capabilities, cooperation, and information sharing among NATO nations and partners for cyber defense. The annual Locked Shields exercise allows NATO members to exchange best practices, boost trust and resilience, and increase cyber readiness across the alliance. This year marked Locked Shields' largest event yet, involving over 3,500 participants from 41 nations where over 6,000 virtualized systems were subjected to over 8,000 cyberattacks.

The six months of preparation for Locked Shields involves collaboration between CCDCOE, industry partners like Fortinet, and participating nations. Fortinet, a member of NATO's Industry Cyber Partnership (NICP) since 2016, has proudly contributed to the development of this program for the past several years.

Red vs. Blue Dynamics

Exercise Locked Shields pits Red Teams on offense against Blue Teams on defense. Teams are comprised of experts from member nations and CCDCOE partners. The Blue Team assumes the role of national cybersecurity rapid responders tasked with aiding a fictional country under a large-scale cyberattack conducted by Red Team members.

Red and Blue Team exercises are crucial in enhancing an organization's cybersecurity posture by simulating realistic attack and defense scenarios. They provide a structured, controlled environment for testing, validating, and improving an organization's security measures.

They also help countries understand how different attackers think and operate. This enables them to defend against sophisticated cyberattacks conducted by dedicated individuals trained in cyberwarfare, whose goals, unlike those of cybercriminals, are not based on financial motivation but on disrupting a homeland's national defense strategies. That is why Red Team activities include malware and malware-like attacks and take advantage of existing system tools, vulnerabilities, and social-engineering attacks to mimic state-actor adversarial techniques. Defenders must learn how to mitigate the vulnerabilities that lead to these attacks and how to detect and prevent attacks from spreading.

Locked Shields scenarios employ cutting-edge technologies and diverse attack methods that reflect real-world cyber events. Custom-built virtual networks simulate civilian and military systems, ensuring an authentic experience for participants.

Varied Scenarios for Skill Enhancement and Cooperation

Locked Shields provides invaluable practice for participating nations to test their cyber-defense capabilities in a secure environment against skilled adversaries. Besides securing IT systems, Blue Teams also tackle incident reporting, strategic decision-making, and various challenges spanning forensics, legalities, media, and information operations.

Collaborative cyber-warfare exercises like Locked Shields are crucial in an era marked by global disruptions like the COVID pandemic and heightened cyberthreats. As society increasingly relies on digital technologies, effective collaboration between government and private sectors is imperative to defend critical systems against evolving threats.

These exercises foster collaboration among diverse entities, including countries, educational institutions, NGOs, international organizations, and businesses. With participation in this year's Locked Shields surpassing previous years, benefits include enhanced cooperation within the global cybersecurity community and the sharing of critical cyberattack data.

Cyber defense is about understanding the technical tools and capabilities available, how to apply them to a situation, along with the nuances of applying specific strategies. Sometimes, these techniques vary based on the background and culture of the cyber-defense teams. Locked Shields participants also learn from each other during their debriefs about why a specific technical solution was chosen and the reasoning behind it.

Fortinet's Involvement and Additional Smaller Entity Requirements

Fortinet participates in Locked Shields to fulfill its mission of securing people, devices, and data globally. When required, our FortiGuard Labs team provides expertise and advice to ensure attack and defense scenarios are representative of the real world. We use the deep expertise and experience we have gained in researching, investigating, and defending against the latest tactics from APT groups and state-sponsored threat actors to ensure exercise participants are getting situations that align with the cyberattacks their organizations may see in real life.

While larger-scale exercises like Locked Shields are vital, smaller entities such as state and local governments and small businesses also require tailored drills to enhance their cyber-defense capabilities. FortiGuard Labs provides exercises designed to facilitate collective problem-solving and preparedness for today's increasingly complex cyberattack scenarios. To encourage participation and a competitive environment, FortiGuard Labs creates and helps conduct mock cyberattacks and gamified situations. Participants form teams and compete against each other and are rewarded points for completing missions. This type of gamification against cyber challenges is typically called a "Capture the Flag" or CTF situation. Many cybersecurity conferences, such as our annual Accelerate conference, run CTF programs for their participants.

Learn more about Fortinet's FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.