NATO tests its hand defending against blended cyber-disinformation attacks

Written by

Member nations of the North Atlantic Treaty Organization have banded together in recent days to confront an apparent cyberattack carried out against a NATO member’s critical infrastructure, according to the alliance.

NATO is also working to battle a stream of disinformation about the attack against island state Berylia that has flooded social media, the alliance said.

While many world leaders have faced off with blended cyber and disinformation operations in recent years, the NATO members in this case are not in fact facing a real threat. NATO crafted the scenario, which was carried out by a fabricated non-NATO nation-state “Crimsonia,” as part of an annual simulation exercise. Known as Locked Shields, it’s designed to test leaders’ readiness to deal with live cyberthreats. Berylia, the target of the fake attack and disinformation, is also an imagined state.

The exercise — which had Crimsonia target Berylia’s financial services sector, mobile networks and water supplies — concluded Friday.

While the targets and attackers in the scenario were imagined, the blended operations depicted in the exercise are ones that world leaders have been grappling with for years.

The fabricated Crimsonia actors targeted Berylia citizens with information operations meant to sow seeds of doubt and discord. That’s an approach that the governments of Iran and Russia used in information operations targeting U.S. citizens during the buildup to the 2020 U.S. presidential elections, according to a recent U.S. intelligence memo.

“This year, the exercise featured several new dilemmas for the strategic decision-making element as well,” Michael Widmann, the chief of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) Strategy Branch, said in a statement. “The cyber domain and information warfare operate hand in hand in the modern environment. Strong strategic communication policies can mitigate the effects of an enemy’s information warfare campaign.”

It was just five years ago that NATO members agreed that a cyberattack on one NATO member state could be interpreted as an attack on all, which would trigger a collective response.

The inspiration to simulate both cyberattacks and information operations simultaneously came in part from the pandemic, during which Russia and China have conducted both cyber-operations and information campaigns to target democracies, NATO Deputy Secretary-General Mircea Geoaña said.

“Russia and China have tried to use the COVID-19 crisis to exploit vulnerabilities, including those in cyberspace, with cyber-enabled disinformation campaigns, designed to sow distrust and division in our democratic societies,” Geoaña said in a statement.

Cyberattacks against critical infrastructure, too, have been top of mind for intelligence communities around the world for years. Just last week the U.S. intelligence community noted in an annual threat analysis that China is capable of causing damage to critical infrastructure in the U.S. and that Russia is known to target critical infrastructure such as underwater cables and industrial control systems.

Participants in the NATO simulation, which was organized by the CCDCOE, included the FBI, Estonia’s defense ministry, Cisco, Microsoft and the European Defence Agency, among others, according to Estonian World. More than 10 NATO allies participated, according to the alliance.

It’s just the latest virtual cyber exercise allied national have convened to test leaders’ readiness to respond to cyber attacks that hit simultaneously with physical attacks or information operations campaigns. Cyber Command and allies participated in a virtual exercise last year, during which they simulated how they would respond to an attack on a European airbase. In that attack, hackers targeted virtualized industrial control systems.

This was the first time NATO has hosted this cyber exercise virtually. Past iterations of the event were hosted in person in Paris and London in 2018 and 2019 respectively.