This annual exercise, organised by CCDCOE since 2010, enables cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies and simulating the entire complexity of a massive cyber incident, including strategic decision-making, legal and communication aspects.

It is a Red Team vs. Blue Team exercise, where the latter are formed by member nations of CCDCOE. In 2021 there were 22 Blue Teams participating with an average of 40 experts in each team. The Teams take on the role of national cyber Rapid Reaction Teams that are deployed to assist a fictional country in handling a large-scale cyber incident with all its implications. The Exercise in 2021 involved about 5000 virtualised systems that were subject to more than 4000 attacks. The teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks and attack methods.

New Challenges in 2021

The exercise involved new cyber-physical systems and integrated technical and strategic elements, enabling participating nations to practice the entire chain of command in solving a large-scale cyber incident. Reflecting real world cyber threats, the Exercise addressed the protection of vital services and critical infrastructure that are fundamental for modern societies to operate. These included critical information infrastructure, power and water supply and national defence systems, with Locked Shields 2021 introducing several new systems with enhanced capabilities. For example, for the first time the Exercise involved a satellite mission control system needed to provide real time Situational Awareness to aid military decision making.

In 2021 Locked Shields also featured new dilemmas for the strategic decision making element of the Exercise. Cyber dependencies of the financial services sector were highlighted. The Exercise examined how evolving technologies, such as deepfakes, will shape future conflict. The scenario also examined the new realities introduced by the COVID-19 pandemic, such as greater security vulnerabilities introduced by remote work and automation. Overall, the strategic decision making exercise allowed senior leaders to practice the coordination and decision making process necessary to address a major cyber event both domestically and with the help of international partners.

More than 2000 experts from nearly 30 nations took part in Locked Shields 2021. In terms of the organisation of the exercise, Locked Shields in 2021 was more international and challenging than ever before. It has always been an exercise in which the training audience and thus most of the participants from 30 countries have taken part remotely with only the organising team in Tallinn. However, in 2021, due to the pandemic, the majority of the organising team also contributed remotely from across the entire world. This made Locked Shields 21 the world’s largest ‘global’ live-fire cyber defence exercise.

The Exercise was also unique in the scope and depth of cooperation between nations, academia, international organisations, and industry partners. The number of partners in 2021 exceeded previous years and continues to grow every year. Locked Shields facilitates the growth in cooperation within the international security community by establishing professional contacts and by sharing information and experience among like-minded nations.

The Swedish team emerged as the winner of Locked Shields 2021.

Essential Takeaways

Locked Shields is a unique opportunity to encourage experimentation, training and cooperation between members of the CCDCOE, NATO and partner nations. It offers an unprecedented opportunity for nations to challenge themselves in an authentic but safe training environment while being aggressively challenged by highly skilled adversaries. The network which the Blue Teams must defend consists of more than 150 virtual hosts per team. The virtualized Blue Team networks are custom-built and include a variety of services and platforms, both civilian and military.

The exercise addresses areas which have proved to be most challenging for Blue Teams in recent years:

  • Protecting unfamiliar specialised systems;
  • Writing good situation reports under serious time pressure;
  • Detecting and mitigating attacks in large and complex IT environments;
  • Well-coordinated teamwork.

Locked Shields 2021 is organised by CCDCOE in cooperation with NATO Communications and Information Agency, the Estonian Ministry of Defence, the Estonian Defence Forces, Siemens, Ericsson, TalTech, Foundation CR14, Bittium, Clarified Security, Arctic Security, Cisco, Stamus Networks, SpaceIT, Sentinel, the Financial Service Information Sharing and Analysis Center (FS-ISAC), US Defense Innovation Unit, Microsoft, Atech, Avibras, SUTD iTrust Singapore, The European Centre of Excellence for Countering Hybrid Threats, NATO Strategic Communications Centre of Excellence, European Defence Agency, Space ISAC, the US Federal Bureau of Investigation (FBI), STM, VTT Technical Research Centre of Finland Ltd, NATO M&S COE and Palo Alto Networks.

Locked Shields 2021 Key Facts:

  • Live-fire = real-time Red Team vs. Blue Team exercise
  • Involves regular business IT, critical infrastructure and military systems
  • Integrates technical and strategic decision-making exercise
  • More than 2000 cyber defence experts from nearly 30 nations
  • Runs on Cyber Range, an innovative platform managed by the Foundation CR14