Cybersecurity: This giant wargame is preparing for the next big election hack

Power grids and water supplies under attack in fictional scenario as attackers meddle with elections in a small country.
Written by Steve Ranger, Global News Director

A giant cyber-defence exercise has pitted teams from NATO nations against mysterious hackers trying to cause chaos during the elections of a small, fictional country.

The aim of the annual Locked Shields exercise is to give teams the chance to practice protection of national IT systems and critical infrastructure under the intense pressure of a severe cyberattack.

The event is organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which describes the event as the largest and most advanced international live-fire cyber exercise in the world. 


According to the Locked Shields scenario, the fictional island country of Berylia finds itself under a cyberattack just as the country is conducting national elections. The coordinated attacks aim to disrupt water purification systems, the electric power grid, 4G public-safety networks, and other critical infrastructure components. The cyberattacks also attempt to undermine the trust in the election result – leading to public unrest.

While the scenario used is fictional, securing critical infrastructure and election processes from interference has become a high priority in recent years, following Russian interference with the 2016 US Presidential election, and the growing capabilities of hackers from a number of nations to disrupt critical national infrastructure like power grids. In particular, right now European countries are braced for hacking attacks against a series of national elections this year.

The teams play the role of a national cyber rapid-reaction team deployed to assist Berylia in dealing with the attacks. In addition to maintaining nearly 4,000 virtualised systems while being hit with more than 2,500 attacks, the teams must report incidents, make strategic decisions, solve forensic and legal challenges, and deal with requests from the in-game media.


[Image: The cyber-defence exercise known as Locked Shields gives teams the chance to practice protection of national IT systems. Credit: CCDCOE/Arno Mikkor]

While the aim of the tech game is to maintain the operation of various systems under intense pressure, there is also a linked strategy game, which allows teams to deal with the broader impact of a cyberattack, including law enforcement and communications.

While the organisers of the exercise are in Tallinn, Estonia, the participating Blue Teams play from their home bases.

"Locked Shields allows teams to practice solving cyber incidents in the most complex and intense playground possible. To build resilience against cyberattacks against our critical infrastructure, such as power supply or telecommunications, we need to understand both the technical and strategic challenges," said Colonel Jaak Tarien, director of the NATO-accredited cyber-defence hub.

According to Lauri Luht, head of Cyber Exercises at CCDCOE, the exercise this year has tackled more complex attacks: "Considering the real-world cyber threats at national level, the training audience has a unique opportunity to practice the defence of a large-scale power grid control system and power-generating substations, and 4G public-safety network for law enforcement and emergency communication."

This year's exercise was won by the team from France, with the Czech and Swedish teams taking second and third place respectively.

