WASHINGTON ― NATO cyber defenders won Locked Shields 2018, the world’s largest live-fire cyber exercise, in Tallin, Estonia last week.

Organized by NATO’s Cooperative Cyber Defense Center of Excellence (CCD COE), the exercise challenged participants to respond to and counter high-intensity attacks on the IT systems and critical infrastructure networks of a fictional country, Berylia.

Led by the NATO Communications and Information (NCI) agency, NATO’s “blue team” of 30 cyber specialists defended Berylia’s electric power grid, 4G public safety networks, drone operation and other critical infrastructure against 4,000 virtualized systems and more than 2,500 attacks.

The exercise, which ran from Apr. 23 to 27, also served to teach commanders about the strategic and policy level implications of decisions made during a severe cyber incident.

“Success in Locked Shields is not just about defending your own networks – it is also about collaborating closely with the other defending teams,” explained Ian West, cyber security chief at the NCI agency.

Last year’s Locked Shields exercise consisted of 800 participants from 25 nations. This year’s event hosted more than 1,000 participants from over 30 countries.

Cyber exercises like Locked Shields are of growing importance to NATO, as the organization continues to define its role in responding to cyber attacks. Although NATO has said that a cyber attack could trigger Article 5, the group’s collective defense clause, it has not explicitly outlined those conditions.

There is some concern throughout the national security community that NATO, as a large multinational organization, is not well positioned to integrate cyber lessons across the alliance and move quickly to respond to threats.

As with any large institution, some have argued there is an inherent disconnect between Supreme Headquarters Allied Powers Europe, CCD COE, and other relevant organizations although coordination “is something which remains difficult to assess,” according to Max Smeets, a cybersecurity postdoctoral fellow at Stanford University Center for International Security and Cooperation.

At the first USCYBERCOM/NSA symposium this year, Smeets explained one participant argued that “‘in cyberspace, it is not the big that eat the small, but the fast that eat the slow.’ If this is true, one may wonder to what degree NATO is focusing on the right things in cyberspace.”

He added NATO “might indeed set up procedures to create a more forceful, collective response against cyber attacks, but if that comes at the costs of slow action, it might not be worth it in this domain.”