Military cyber security specialists are preparing for the largest cyber war game in the world, which kicks off tomorrow as the fictional NATO member state of Berylia comes under attack.
The real-time NATO exercise will include defenders practising the protection of critical civilian and military infrastructure, including water treatment facilities and energy plants.
Amid the increasing risk of real international conflict, the exercise will also include legal teams who will need to figure out if and when a particular action is acceptable under international law, as well as strategic communications experts to handle disinformation.
How does it work?
Organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) based in Tallinn, Estonia, the Locked Shields exercise is an annual network defence drill using real-world skills.
The scenario is based on an attack on the fictional country of Berylia – hypothetically situated in the northern Atlantic – and an adversary called Crimsonia that is creating some artificial islands.
Although the adversary is not mapped to a specific NATO adversary, Crimsonia has traits of both Russia and China in its ambitions and conduct.
The idea is to test multiple teams’ skills just as they would be tested if they were forced to remotely come to the aid of NATO ally Berylia as it is targeted by “a sophisticated and intense series of cyber attacks”.
Participants include specialists working for NATO member states through to the CCDCOE’s private sector partners that develop the operating technology that supports critical national infrastructure.
The defenders are scored on how effective they are not only in securing complex IT systems, but also in reporting incidents, making strategic decisions, and solving forensic, legal, media and information operations challenges.
What role does information warfare play?
Dr Adrian Venables, a British academic who has been involved in the exercise for the past seven years, explained to Sky News that the information warfare aspects were a new twist added in for 2021.
“This year for the first time, we’ve got added realism, a more complicated scenario, bringing with it some of the information warfare aspects, which NATO’s adversaries are extremely proficient at,” Dr Venables said.
“The information battle is in many respects, as important as the more conventional cyber battle,” he said, noting how during wartime an adversary could attempt to convince a civilian population that NATO was the aggressor and painting itself as a liberating force.
“What we’re trying to do is to give the teams a more rounded and comprehensive experience where they have to think about more things,” he said.
One scenario could be convincing the target population that the water supply has failed due to government mismanagement, rather than a cyber attack, potentially turning the population against the government rather than recognising the threat.
“We’ve got a simulated social media, where we’ve got disinformation being produced – we’ve got continuing intelligence reports for the teams, we’ve got a simulated news service,” Dr Venables added.
“So the teams have to monitor lots of different aspects of the exercise – we’ve even got some deep fakes, to play video that we’ve produced in house – and all of these things give the teams a very realistic and genuine experience.
“And after seeing this, they should be able to interpret the passage of events and be able to anticipate where they’re going to be attacked, and how they’re going to respond,” he said.
How important are the laywers?
The legal aspect of the exercise was a “vital part” he added, noting that there was a large legal team involved to simulate the decisions that would need to be made during a real-world conflict.
Back in 2018, the UK became one of the first countries to set out its legal approach to applying international law in cyberspace – amid growing tensions with Russia – but the topic is far from settled.
“At some point, each nation may trigger what it regards as a hostile act, or perhaps an act of war,” Dr Venables said, “and so there’s this continuous communication between cyber defenders, who are quite often computer geeks – for whom communication doesn’t necessarily come overly easily.
“They need to talk and explain in straightforward terms to non-technical experts, such as the lawyers, what they’ve seen, for the lawyers to interpret events in the context of international law, and also national policy.”
“We are reflecting reality,” Dr Venables told Sky News, adding: “The key point is that because we’re not focused on one particular adversary, we can actually focus on everything our adversaries might try to do against us.”