Nato-linked cyber centre holds exercise as Ukraine war rages

TALLINN • A cyber organisation accredited by the North Atlantic Treaty Organisation (Nato) was set to conduct what it bills as the largest and most complex "live-fire" cyber defence exercises in the world beginning yesterday.

The Nato Cooperative Cyber Defence Centre of Excellence, which is based in Estonia, said the annual event, called Locked Shields, is intended to boost the skills of cyber-security experts defending national IT systems and critical infrastructure under real-time attacks.

The participants are deployed to assist a fictional country in handling a large-scale cyber attack. More than 2,000 people from 32 nations, including Ukraine, are expected to be involved.

This year's Locked Shields event comes amid the war in Ukraine, in which hacking has had a constant, if relatively muted, role in Russia's invasion.

Russian state-sponsored hackers have been accused of attacking Ukrainian government agencies and attempting to breach the power grid. Ukrainian companies have also been subject to regular cyber attacks, according to government officials.

Ukraine's government, meanwhile, has helped organise a group of hacktivists that waged cyber attacks in Russia. But concerns about cyber attacks have spread well beyond the war zone.

Finland reported an attack on government websites earlier this month, just as speculation mounted that the Nordic nation may apply for Nato membership.

And United States President Joe Biden has warned American businesses to prepare for retaliatory cyber attacks as a response to sanctions imposed against Russia.

Among the participants this year are five to 10 large financial institutions, including Mastercard and Banco Santander, said the Financial Services Information Sharing and Analysis Centre, or FS-ISAC, which helped design the virtual systems to make them look realistic, and the simulated attacks on the sector.

"By working with other organisations in a protected setting, like Locked Shields, we are able to glean insights into what others are doing and learn firsthand what is, or isn't, working," said Mr Ron Green, Mastercard's chief security officer, in a statement provided to Bloomberg News.

Mr Steven Silberstein, FS-ISAC's chief executive officer, said such exercises have been useful to the financial sector in previous years, helping them plan against major cyber attacks and even with pandemic preparedness.

They are also valuable in helping cyber professionals with muscle memory - using playbooks in close-to-real-life situations - and with learning where there are issues with defence and resiliency, he said.

The Nato exercise, which will run until Friday, is especially instructive because of its scale and global reach, and it also highlights the interdependency between the finance and other sectors, Mr Silberstein said.

BLOOMBERG