Soon, Ragnar Rattas and his team of Estonian computer security
experts were battling the heaviest and most sophisticated cyber
attacks they had ever encountered.
As the situation worsened, they abandoned some networks - including
a major public facing website - to protect the networks that kept
vital data and industrial systems running in the research center
they were defending.
Meanwhile, they faced a growing media storm as they raced to
discover where the assault had come from.
It was, fortunately for them, just an exercise - a major game dubbed
"Locked Shields" run on March 21-22 by the NATO Cooperative Cyber
Defence Centre of Excellence in Tallinn, Estonia.
With more than 300 participants and teams from 17 nations,
organizers said it was the largest international cyber maneuver yet
mounted, simulating an attack on a fictional nation called "Berylia"
by a 50-strong team of computer experts.
Companies and nations are pouring ever greater resources into cyber
security, including sophisticated simulations, as they worry over
data and intellectual property theft as well as attacks causing
In 2012, the world's largest oil producer Saudi Aramco suffered a
cyber attack that damaged some 30,000 computers while experts
believe the United States - and perhaps Israel - used the Stuxnet
worm to make some of Iran's nuclear centrifuges tear themselves
Despite rising tensions since Russia's annexation of Ukraine's
Crimea region, organizers said "Locked Shields" was not directly
aimed at simulating any action by Russia.
The increasing sophistication of recent exercises, experts say - and
the murky overlapping mix of criminal, state and other forces -
point to the ever-growing complexity of confrontation.
"It was very challenging," team leader Rattas, who runs the critical
infrastructure protection team at the Estonian Information System
Authority, told Reuters. "They were very sophisticated attacks.
There were times when you just wanted to close the computer and walk
Estonia is no stranger to electronic warfare. During a diplomatic
dispute with Russia in 2007 over the movement of a Soviet-era war
memorial, many of its essential computer systems failed after a
major attack widely blamed on Russia.
Moscow denied the charge although it said it could not control the
actions of independent patriotic hackers.
Analysts said Russian hackers - state-linked or otherwise - were
probably also responsible for a similar but much smaller attack that
temporarily crashed the NATO website in March.
One of the key challenges set for participants in Locked Shields was
Those with the right skills would discover a rival nation - the
fictitious "Crimsonia" - was behind the some of the attacks
originally suspected to come from the hacktivist and criminals.
Tensions between Western states and both Russia and China over cyber
security have been quietly rising for years.
Last week, Washington indicted five Chinese military officials it
said were involved in electronic espionage, while Western officials
privately blame Russia for other attacks including a major 2008
breach of U.S. military systems.
[to top of second column]
Western officials say both states have invested heavily in cyber
attack capabilities and would probably use them to disrupt essential
networks in any serious face-off.
NATO states too have dramatically increased their spending. The
Pentagon's Cyber Command budget for 2014 reached a record $447
million, not including the separate budget for the eavesdropping
National Security Agency (NSA).
Russian and Chinese officials say revelations from former NSA
contractor Edward Snowden - now given asylum by Moscow - show
Washington is distinctly hypocritical on the issue.
Criminals are also raising their game. Last week, online auction
site eBay was forced to tell customers to change their passwords
after the largest customer data breach so far recorded.
BRITAIN'S "WAKING SHARK"
Estonia's team was in Tallinn but others took part remotely from
Finland, Italy, Spain, Germany, Holland, Turkey, Poland, Latvia, the
Czech Republic, Hungary, France, Austria, Lithuania in addition to
NATO's own dedicated cyber response unit.
The Estonian competition was won by Poland.
Major cyber powers such as the United States and Britain conduct
their own exercises, current and former officials say, including use
of their own highly classified offensive cyber weaponry to attack
Defensive simulations such as the NATO drill, however, are
particularly useful for smaller states.
In November 2013, the Bank of England coordinated "Exercise Waking
Shark 2", a test of the British banking system when attacked by a
foreign nation that wiped data from computers.
In 2012, some U.S. banks suffered website and other failures blamed
on cyber attacks from Iran. Tehran denied involvement.
The United States and China, those involved in discussions say, have
even experimented with basic tabletop war games and scenario
planning to examine how they might work together to contain
dangerous malware neither state was responsible for. Such
semi-formal discussions - which had engaged current and former
officials from both nations - may now be on hold.
"Cyber exercises have really come into their own," said Jim Lewis, a
former U.S. foreign service officer and now senior fellow at the
Centre for Strategic and International Studies in Washington.
"A few years ago, they were purely technical. Now they involve
policy specialists too and are on a whole different level."
(Editing by Alister Doyle/Mark Heinrich)
[© 2014 Thomson Reuters. All rights
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.