Locked Shields cyber exercise practices for loss of satellites

The Locked Shields 2021 cyber defence exercise incorporated a range of new cyber physical systems, including a satellite mission control system, aiming to simulate real-life threats to military situational awareness.

Locked Shields is the world’s largest cyberspace exercise, and is overseen annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), a Tallinn, Estonia-based organisation that is affiliated with the alliance without being part of its command structure. This year’s exercise involved more than 2,000 participants from 30 countries, including new participants such as South Korea and Japan, said Carry Kangur, head of cyber exercises at the CCDCOE.

The 2021 event focused on a fictional island nation in the northern Atlantic, called Berylia, which experienced a deteriorating security situation. Co-ordinated cyberattacks occurred against the country’s major military and civilian information technology systems, alongside a range of other hostile events, CCDCOE said. The attacks disrupted military air defence and satellite mission control systems, along with national infrastructure. There were also disruptions to the financial system.

The ‘Blue Teams’ in the exercise acted as national ‘Cyber Rapid Reaction’ teams deployed to assist Berylia during the cyberattacks. They had to maintain about 5,000 virtualised systems while coming under more than 4,000 attacks and reporting incidents, executing strategic decisions, and solving challenges in the legal, media, and cyber forensic domains. The exercise took place from 13–16 April.

This was the first year that the exercise included a satellite mission control system designed to provide military situational awareness, Kangur told Janes. The Blue Teams that lost control of the system no longer received the data they needed to understand the actual threat situation.