NATO’s annual large-scale drill for cyberattacks began Tuesday, with participants from 32 countries practicing fending off hacks against critical infrastructure like power plants and air defense systems.
The exercise mirrors “real life attack scenarios based on cyber-attacks seen over the past 30 years,” Ian West, chief of the NATO Cyber Security Centre, told CNN in an email.
The mock hacking incident will charge participants with “maintaining and ensuring the availability of essential capabilities such as a water plant, power plant, air defence system, financial systems, etc.”
Nearly 2,000 participants from 32 countries will participate in cyber defense exercise known as Locked Shields, according to the US-based Financial Services Information Sharing and Analysis Center, a threat-sharing hub for big banks that is leading a portion of the drill.
The drill was planned months in advance and does not directly incorporate cyber threats stemming from Russia’s war in Ukraine, West said. But the war, and suspected Russian and Belarusian cyber activity tied to it, is impossible to ignore.
More background: As Russia’s invasion began in late February, suspected Belarusian hackers attempted to breach the email accounts of European government officials “involved in managing the logistics of refugees fleeing Ukraine,” according to cybersecurity firm Proofpoint, which discovered the incident.
Around that time, unidentified attackers targeted Ukrainian government contractors with a presence in Latvia and Lithuania, two NATO members, with malicious code that wiped computer systems, according to researchers at Broadcom Software.
Locked Shields, which debuted in 2010 and is run out of NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia, reflects the alliance’s increasing emphasis on cyberspace as a domain of multilateral defense.
Though Russia invaded Ukraine to prevent it from one day joining NATO, the bloc’s Cooperative Cyber Defence Centre of Excellence voted days after Russia’s invasion to admit Ukraine as a “contributing participant” to the cybersecurity research and training hub.
“Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training,” said Col Jaak Tarien, CCDCOE’s director, in a apparent nod to years of Russian cyberattacks aimed at Ukraine.
