The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, last week hosted the 15th edition of the Locked Shields cyber defense exercise.
Roughly 4,000 experts from 41 nations took part in Locked Shields 2025, which is designed to test and improve the preparedness of cybersecurity teams in defending national systems and critical infrastructure through a realistic simulation.
While today it is the world’s largest and most complex cyber defense exercise, Locked Shields had humble beginnings.
“Over the past 15 years, Locked Shields has grown substantially—both in the number of participating nations and the complexity of the systems involved. When the first exercise was held in 2010, it included just four nations and 60 participants,” Dan Ungureanu, exercise director of Locked Shields 2025, told SecurityWeek.
“This growth is also reflected in the size of the planning and support teams,” Ungureanu added. “Locked Shields is organised in cooperation with leading experts from the cyber industry, academia, and allied cyber defence forces. The 2025 edition was a collaborative effort involving 450 planners and developers and more than 25 industry partners.”
The cybersecurity experts who took part in Locked Shields 2025 were tasked with protecting more than 8,000 systems — including ones simulating military infrastructure and telecom networks — against more than 8,000 cyberattacks.
The 41 participating nations formed 17 multinational teams in an effort to enhance collaboration. They all joined the exercise remotely, but it was up to each team to decide whether they logged in from their respective country or gathered in one location.
Locked Shields tested not only each team’s technical skills, but also their ability to deal with disinformation and political pressure, and they were tasked with navigating legal and strategic aspects that could occur in high-pressure scenarios.
The three teams that obtained the highest score were made up of Germany and Singapore, Poland and France, and Italy, Slovenia and the United States. However, this does not necessarily mean that these countries are the best prepared to deal with cyber threats.
“High scores in Locked Shields demonstrate strong teamwork, technical expertise, and decision-making under pressure in a realistic simulated environment,” Ungureanu said. “However, they don’t directly represent a country’s overall cybersecurity readiness, as teams differ in composition and goals each year. The exercise runs within a limited timeframe and doesn’t fully account for national infrastructure or long-term capabilities.”
The evolution of Locked Shields reflects the significant growth of cyber defense and the increasing need for countries to be prepared for worst case scenarios.
Ungureanu noted that countries frequently encounter cyberattacks similar to those simulated in Locked Shields, such as ransomware, disruptions to critical infrastructure, and other sophisticated threats aimed at government and defense networks.
“Although many of these incidents go unreported publicly, cybersecurity professionals, including Locked Shields participants, are often on the front lines, identifying and neutralising threats before they escalate into major incidents,” he said.
Locked Shields 2025 introduced a cloud-based infrastructure, quantum computing injects, AI-driven narratives, and a redesigned scoring system that rewarded collaboration and resilience.
As for next year’s event, Ungureanu said, “For Locked Shields 2026, we’ll be focusing on expanding the cloud segment by integrating additional systems and introducing a new category of Critical Special Systems that can support and strengthen national defence efforts. As with this year, we’ll also continue advancing our internal AI research, bringing us one step closer to a fully automated Blue Team.”
Related: NATO to Establish New Cyber Center in Belgium
Related: Hacker Who Targeted NATO, US Army Arrested in Spain
Related: NATO Draws a Cyber Red Line in Tensions With Russia
