Kick off for ‘world’s largest’ cyber wargames for FSIs

Locked Shields 2023 NATO FS-ISAC cyber wargames

The world’s largest ‘live-fire cyber defence exercise’ has officially kicked off in Tallinn, Estonia with 29 financial firms from around the world participating in the four-day, NATO-led cyber defence exercise.

The annual Cooperative Cyber Defence Centre of Excellence (CCDCOE) exercise, known as ‘Locked Shields’, involves a “complex and cascading set of cyber-attacks on a fictional country, with impacts ranging from military and government to critical infrastructure such as energy, telecommunications, shipping, and financial services.”

The FS-ISAC, a cyber intelligence-sharing consortium for financial services, has designed and leads the financial sector scenario for the 2023 strategic exercise.

The exercise, the FS-ISAC said, “simulates real-life payments system outages by a central bank and the cascading impacts on the financial system”.

“The scenario is based on similar but far less severe outages experienced over the last several years at major central banks around the world.”

The training exercise pits an attacking Red Team against defending Blue Teams, composed of NATO CCDCOE member states and partner nations. In addition to defending systems, teams must report incidents, execute strategic decisions, and solve forensic, legal, and media challenges.

Among the financial services sector participants in this year’s exercise include Banco de Espana, Bank ABC, Banking and Payments Association Ireland, Barclays, CME Group, Mastercard, NLB, Nordic Financial CERT, Santander, and Union Bank and Trust – all of whom are FS-ISAC members.

“Exercises like Locked Shields strengthen the resilience of the global financial sector and encourage collaboration and coordination across all critical infrastructure and public sectors,” said FS-ISAC chief executive Steven Silberstein.

“Our participation will allow us to crowdsource exercise responses from our global membership to assess and mitigate threats as the scenario unfolds, building the muscle memory our members and the overarching sector can rely on when faced with real-time cyber warfare.”

Director of the CCDCOE Dr Mart Noorma said the agency, which falls under NATO’s banner, had “identified [an] urgent need” for financial services providers to join nation-states in preparation against current cyber threats.

“FS-ISAC’s insights into the challenges facing the global financial system inform realistic exercise development, and we appreciate their continued support and involvement as we strive to protect global critical infrastructure from future cyber incidents.”

In total, more than 3,000 participants from 38 nations are participating in the CCDCOE exercise, protecting real computer systems from real-time attacks, and training tactical and strategical decision-making in critical situations.

Locked Shields has been hosted in Estonia’s capital Tallinn since 2010.