As grids of lights flash red and sirens wail, teams of cyber-defense specialists snap into action as power networks and water-purification plants come under attack. They are the best in their field – and in this exercise, they are competing against one another.
Operation Locked Shields, a so-called live-fire cyber exercise, is hosted annually by NATO’s Cooperative Cyber Defense Center of Excellence or CCDCOE in Estonia, is aimed at testing members’ and allies’ abilities to see off the latest hacks, malware and cyber interference.
“It is about friendly competition. But what makes it the world’s biggest is first of all the number of nations who are contributing to it. We then bring the ‘crème de la crème’ of all nations together to match each other and also learn to cooperate with each other,” said Siim Alatalu, a senior researcher at the center.
Estonia was the one of the first countries to suffer a large-scale cyber-attack back in 2007 – and most experts say Russia was the culprit. The Baltic country is now at the forefront of NATO’s cyber-security efforts. In a sign of its growing global reputation, Japan has just joined the CCDCOE, hoping to glean valuable skills and information to help defend the upcoming 2020 Olympic Games from cyber-attacks.
While Operation Locked Shields is a practice run, the threat is very real, says Alatalu. “Everything is technology dependent. And therefore everything could be hacked.”
In the winters of 2015 and 2016, Ukraine suffered hacking attacks on its power network, shutting down systems for several hours. Kyiv blamed Russia – a charge Moscow denied.
As well as hacking, governments face the growing problem of disinformation: using the web to disrupt democracies. Analyst Ben Nimmo of the Atlantic Council’s Digital Forensic Research Lab spoke to VOA at last week’s NATO summit.
“If you look at the Russian interference operation in the U.S., as far as we know it started in April 2014 and it was still going in October 2017 when it shut down," said Nimmo. "So they’ve had a three-and-a-half-year operation running, which included a reported 100 people, several thousand accounts on social media, over 50,000 bot accounts amplifying it. This was a big, big operation, which was then further amplified by state propaganda like RT [Russia Today] and Sputnik.”
So is NATO doing enough to counter these threats?
“They appreciate them more than they did two years ago and you can see that from the summit declaration itself. For the first time, it mentions disinformation as a specific threat and as part of a bigger picture of hybrid warfare,” said Nimmo.
Since 2014, NATO’s core principle of collective self-defense, Article 5, can be invoked in the event of a cyberattack on one member. The response could include sanctions, cyber responses, or even the use of conventional forces.
While that may seem a remote possibility, NATO’s Secretary-General has warned that a cyberattack could be as destructive as a conventional military strike.