
Exercise Locked Shields

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Locked Shields
Type: Cyber defense exercise
Location: Estonia
Organizer: NATO Cooperative Cyber Defence Centre of Excellence
First: 2010
Participants: Multinational teams

Exercise Locked Shields is an annual multinational cyber defense exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, that simulates large-scale network attacks and coordinated incident response. The exercise brings together teams from NATO allies and partner states, including participants from the United States Department of Defense, the Ministry of Defence (United Kingdom), the Bundeswehr, and other national cyber commands, to test capabilities against simulated threats inspired by real-world campaigns such as the NotPetya incident, the SolarWinds compromise, and attacks attributed to groups linked to Advanced Persistent Threat 29 and Fancy Bear. Locked Shields has become a focal event for cooperation among institutions like the European Union Agency for Cybersecurity, the Organisation for Security and Co-operation in Europe, and academic institutions such as Tallinn University of Technology.

Overview

Locked Shields is a live-fire, real-time exercise combining technical Computer Emergency Response Team operations, decision-making for ministries like the Ministry of the Interior (Estonia), and strategic coordination involving organizations such as the NATO Communications and Information Agency and the European External Action Service. The exercise scenario typically includes compromised critical infrastructure elements resembling systems in the energy, telecommunications, and healthcare sectors, modeled after entities like Eesti Energia and large regional providers. Teams must manage incident response, continuity of services, and legal implications involving instruments like the Budapest Convention on Cybercrime and coordination with national bodies such as CERT-EU.

History and development

Locked Shields traces its origins to multinational cyber cooperation efforts following incidents such as the 2007 cyberattacks on Estonia, which prompted the establishment of the NATO Cooperative Cyber Defence Centre of Excellence in 2008 and influenced later exercises including Cyber Coalition and Cyber Storm. The exercise evolved alongside frameworks from the European Union Agency for Cybersecurity and doctrines from institutions like the United States Cyber Command and the Ministry of Defense (Sweden). Over time, Locked Shields incorporated scenarios reflecting the Stuxnet campaign, the WannaCry outbreak, and supply-chain concerns highlighted by the NotPetya and SolarWinds incidents, prompting engagement with standards bodies such as the Internet Engineering Task Force and the International Organization for Standardization.

Objectives and participants

Locked Shields aims to evaluate multinational teams drawn from NATO member states including Germany, France, Poland, Norway, and partner countries like Japan and Ukraine. Objectives focus on technical remediation by teams resembling Computer Emergency Response Teams, legal advice by agencies comparable to the European Public Prosecutor's Office, and political decision-making involving ministries such as the Ministry of Foreign Affairs (Finland). Organisers include the NATO Cooperative Cyber Defence Centre of Excellence with support from entities like the European Union Agency for Cybersecurity and national institutions such as the Estonian Information System Authority.

Exercise structure and scenarios

The exercise uses a red-blue team model influenced by practices in events like the DEF CON Capture the Flag competitions and commercial cyber ranges used by the SANS Institute. Scenarios simulate coordinated operations against services comparable to SCADA systems used in Siemens-style industrial control systems, financial networks resembling operations of central banks, and public communication channels akin to national broadcasters. Incident injects require responses aligned with legal frameworks such as the Budapest Convention on Cybercrime and interaction with organizations like Interpol and Europol when transnational crime elements appear.

Technologies and tools used

Locked Shields leverages cyber range technologies and toolkits from vendors and projects related to the OpenStack ecosystem, virtualization platforms used by VMware, network emulation from projects like GNS3, and monitoring tools comparable to Splunk and Elastic Stack. Teams employ forensic suites inspired by Sleuth Kit, packet analysis tools such as Wireshark, and intrusion detection systems based on work from the Snort project. The exercise also engages with research from institutions like Carnegie Mellon University and the Massachusetts Institute of Technology, and follows standards from bodies like the Internet Engineering Task Force and the National Institute of Standards and Technology.

Notable events and incidents

Notable moments include years when scenarios mirrored real-world campaigns such as the NotPetya-style ransomware waves and supply-chain compromises reminiscent of the SolarWinds incident, prompting debate among observers from institutions like the European Parliament and national parliaments including the Riigikogu. Participants have included elite teams from organizations like the United Kingdom National Cyber Security Centre and the United States Department of Homeland Security, and observers from academic institutions such as the University of Oxford and Harvard University. High-profile failures and successes reported by media outlets have triggered follow-up studies by think tanks such as the Atlantic Council and Chatham House.

Impact and criticism

Locked Shields has influenced doctrine and training across NATO and partner networks, informing publications by the NATO Strategic Communications Centre of Excellence and policy papers circulated within the European Commission. It has been credited with strengthening readiness among national bodies like the Estonian Information System Authority and the Finnish Transport and Communications Agency. Critics from civil society organizations including Access Now and research centers such as the Electronic Frontier Foundation have raised concerns about transparency, rules of engagement, and the potential for militarization of cyberspace, echoing debates involving the Tallinn Manual 2.0 and discussions at forums like the Munich Security Conference.
