LLMpedia: The first transparent, open encyclopedia generated by LLMs

Locked Shields

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Locked Shields
Type: Cyber defence exercise
Location: Tallinn, Estonia
First: 2010
Organiser: NATO Cooperative Cyber Defence Centre of Excellence
Participants: International teams from NATO, EU, NATO partner countries

Locked Shields is an annual large-scale cyber defence exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. It brings together national teams from NATO members, European Union states, NATO partners and invited organizations to practice incident response, forensics, crisis communication and technical defence under realistic stress. The exercise integrates realistic scenarios drawn from contemporary incidents and emerging threats to validate readiness and interoperability among military, civil, and private sector entities.

Overview

Locked Shields is a defensive cyber exercise emphasizing rapid incident response, technical remediation and strategic decision-making under pressure. The exercise simulates complex multi-domain incidents that reference recent cases like the NotPetya attacks, the SolarWinds compromise, the Colonial Pipeline incident, and supply chain intrusion patterns associated with groups linked to Sandworm and Fancy Bear. Teams must coordinate across stakeholders including national CERTs such as CERT-EU, private companies like Microsoft and Cisco Systems, and international organizations such as the European Defence Agency and NATO liaison elements. Observers and subject-matter experts often include representatives from United States Cyber Command, ENISA, and the Cybersecurity and Infrastructure Security Agency.

History and Development

Locked Shields originated in the early 2010s amid rising tensions following the Russo-Ukrainian War and high-profile incidents like the Stuxnet operation and the Sony Pictures Entertainment hack. The inaugural exercises reflected lessons from the Estonian cyberattacks of 2007 and leveraged expertise from institutions including the Tallinn University of Technology and the Estonian Defence Forces. Over time, the scenario design incorporated tactics, techniques and procedures observed in operations attributed to actors such as Cozy Bear, Lazarus Group, and APT28, and drew on frameworks developed by NIST and NATO policy documents like the Tallinn Manual. As the exercise matured, collaborations expanded to include the Global Cyber Alliance, the Council of Europe cybercrime bodies like Eurojust, and industry partners such as IBM Security and CrowdStrike.

Exercise Format and Components

Locked Shields combines realistic network environments, red team adversary operations, and blue team defence tasks. Scenario play often mirrors investigations into incidents similar to exploitation of the Log4Shell vulnerability, the EternalBlue propagation method, and ransomware campaigns tied to groups like REvil or Conti. Components include live forensics; network traffic analysis referencing tools like Wireshark and playbooks used by SANS Institute alumni; crisis communication exercises involving ministries such as the Ministry of Defence (Estonia); press briefings based on models from BBC News; and legal coordination with bodies like the European Court of Human Rights when data protection issues invoke the General Data Protection Regulation. Scoring assesses technical remediation, decision-making, legal compliance, and interoperability with partners like Interpol and Europol.

Participating Organizations and Nations

Participants range from NATO member states including the United States, the United Kingdom, Germany, France, Italy, Spain, Poland, Turkey, and Canada to EU member states like Sweden, Finland, the Netherlands, Belgium, Denmark, Romania, and Greece. Partner states and invited teams have included Ukraine, Georgia, Japan, South Korea, Australia, and Israel. Organizers and supporters include the NATO Cooperative Cyber Defence Centre of Excellence, the Estonian Information System Authority, the Ministry of Foreign Affairs (Estonia), and private sector partners such as Google and Amazon Web Services. Academic contributors come from institutions including the University of Oxford, Harvard University, Tallinn University of Technology, and King's College London. Law enforcement and international agencies such as Europol, Interpol, CERT-EU, and ENISA regularly provide expertise.

Notable Incidents and Outcomes

Locked Shields scenarios have mirrored high-stakes incidents prompting procedural reforms; for example, exercises incorporating ransomware scenarios influenced national playbooks following the WannaCry and NotPetya crises. Specific lessons have been publicized in reports co-authored with organizations such as the RAND Corporation and the Atlantic Council, and have informed capability development at commands like USCYBERCOM. Teams have highlighted the need for secure supply chain practices after simulations resembling the SolarWinds compromise and stressed cross-border legal cooperation echoing cases handled by Eurojust and the European Public Prosecutor's Office. Notable participant outcomes include improved interoperability metrics used by NATO during exercises and adoption of incident response frameworks advocated by NIST and ISO/IEC 27001 audits.

Impact on Cybersecurity Policy and Training

Locked Shields has influenced national and international policy, training curricula, and public-private cooperation models. Insights from the exercise have fed into NATO cyber defence doctrine, European Commission initiatives on cyber resilience, and national strategies adopted by countries such as Estonia and Germany. Training outcomes have been integrated into programs at institutions like the SANS Institute, Imperial College London, and national cyber academies in Finland and Sweden. The exercise has encouraged greater collaboration between ministries such as the Ministry of Defence (United Kingdom), national CERTs like CERT-UK, and industry leaders including Microsoft, fostering information-sharing mechanisms reminiscent of those championed by the Cyber Threat Alliance. Locked Shields' emphasis on legal, technical and policy coordination has also influenced legislative debates in bodies such as the European Parliament concerning resilience and attribution frameworks.
