As cyber operations increasingly rival traditional warfare in strategic importance, nations are investing heavily in both offensive and defensive cyber capabilities. From cutting-edge technologies to specialist training, preparation is vital, with rigorous practice being an essential key to readiness, just as it is on the physical battlefield. In this extract from OpenSpace magazine, we peer into the world of national and international cyber warfare exercises to find out who wins.
You can read the full article and other cybersecurity and space articles in the latest issue of OpenSpace magazine.
It might surprise you to learn that for a few days in May 2025, people from 41 nations were engaged in a short-lived war. The reason most people across the world were oblivious to the intense activities underway was because this occurred not out in the open in towns and cities but online, away from the media spotlight.
The ‘war’ in question was Locked Shields 2025, a cyber defence exercise organised by the NATO Cooperative Cyber Defence Centre of Excellence. This annual event is just one of many that take place at national and international levels to enable managers and practitioners to test their cybersecurity-related skills – and learn from each other – at both strategic and detailed levels.
Preparing for real cyber threats
Cyber warfare is now an established part of international military aggression: for example, one hour before Russia launched its invasion of Ukraine, a cyberattack took place against satellite operator Viasat. This was later assessed to have been launched by the invading country with the likely intent of disrupting Ukraine’s command and control during the invasion.
Other cyberattacks attributed to state actors occur outside formally recognised conflicts but are still essentially warfare. The Center for Strategic & International Studies in the US lists numerous examples of incidents designed to gain access to military intelligence, steal other forms of data, spread misinformation or strategically sabotage critical services. The breadth of types of attack is why cyber exercises are so varied.
With cyber and space having been identified as new domains of warfare, not only by NATO but by many nations, it’s important to be able to use exercises to train against an accurate representation of real-time threats that take this into account. The objectives of such exercises include coordinating the operations and rehearsing both response actions and potential offensive actions. They also provide a means to work through scenarios that help to integrate cyber effects in a coordinated manner with conventional effects.
Locked Shields
NATO’s Locked Shields encompasses both technical and non-technical aspects. A scenario is built around a fictional country that comes under attack on a large scale, carried out by the ‘Red Team’. The ‘Blue Teams’ represent national cyber rapid reaction teams that are deployed to protect the mock state’s information systems and critical infrastructures from thousands of attacks, make management decisions in a crisis situation and ensure that decisions are well considered.
During last year’s Locked Shields, the teams faced over 8,000 complex cyberattacks targeting 8,000 virtual systems, with the exercise aiming to reflect what happens in a real conflict, such as geopolitical tensions, sovereignty violations and large-scale cyberattacks. Cloud computing and strategic decision-making tasks at ministry level were integrated into the exercises for the first time.
The exercise is also a competition, with teams tackling challenges to amass points. Each team comprises a great variety of people playing different roles that emulate real-life ones. For example, there are engineers configuring workstations, servers and software, and others monitoring the network for signs of attacks and trying to collect evidence that hosts have been compromised. Alongside them are people with legal and communications backgrounds who act as lawyers and social media managers, so that the whole team can realistically represent a single entity, such as a country.
Despite being a competition, Locked Shields is ultimately a training exercise, similar to many others that take place each year. Some exercises focus on practicing defensive measures, while others, such as NATO’s Crossed Swords, centre on offensive cyber actions. Some incorporate both. There are also cyber exercises that focus on specific elements, for example forensics, where the aim is to analyse evidence from an attack and craft a report.
Coalition coordination
Ultimately, national exercises will reflect the specific needs the country has identified. However, one consideration in modern warfare is that even if only two countries are formally engaged in a conflict, international cooperation is still an underlying factor. This is especially true when NATO countries are involved.
Cooperation between countries is therefore as necessary in the online environment as on the ground – if not more so. To maximise the success of such cooperation, regular practice is important. Events such as NATO’s Locked Shields and Luxembourg’s Cyber Fortress therefore play another vital role, which is providing a means to optimise the way countries in a coalition work together in a cyber warfare environment.
Download the PDF to read the full article
Find out more
This is an extract from the latest issue of OpenSpace magazine. Subscribe to read the full version and more, including articles on cybersecurity and defence, and the Cyber Resilience Act.