How would global banking institutions fare in the event of an international cyber conflict? NATO spent last week exploring the potential fallout in its annual Locked Shields exercise. This wargame scenario involved fictional banks and fictional national infrastructure.

In the US, the Federal Reserve Bank of New York posits that an attack that affects any of the country’s top five banks could cripple more than one third of the national payments network. The domestic and international stock markets could also suffer.

Cyber conflict planning

The NATO Locked Shields exercise first emerged in 2010. It’s typically conducted in Tallinn, Estonia, within a singular, centralized location. On account of the pandemic, this year’s wargames were held remotely. As a result, this year’s drill proved more realistic than usual.

“When you think about it, when you do it for real…we’ll all be dispersed and reacting from within our company to the events as they unfold,” says Ron Green, CISO for Mastercard.

More than a tabletop exercise

Executives didn’t simply run through incident response plans. The simulation involved “live-fire exercises”, which refers to the use of authentic cyber attack tools. Cyber security specialists were required to work together in defending against the threats.

“There’s a technology component where the participants protect an actual thing and then aggressors attack it. And then, collectively, all of the participants respond to the way that the aggressors are acting,” says Green.

In traditional wargames, experts were commonly pitted against one another on red teams and blue teams. A white team often held the responsibility for refereeing maneuvers and presenting new scenarios.

Cyber conflict and financial firms

NATO is not the only group to focus on financial firms. The Securities Industry and Financial Markets Association engages in biannual Quantum Dawn events, which provide insights into banking security.

“…More than 2,000 participants from 30 nations” typically join in, says Teresa Walsh, global head of intelligence at FS-ISAC, a cyber security consortium of nearly 7,000 financial firms.

“We have been doing these exercises for a while, but for me, doing it after the [coronavirus] pandemic, it shows you how physical and cyber and everything else can just collide,” stated Walsh. ​

Collaboration in cyber conflict 

These types of exercises bring organizations and the people who run them together. In the event of an authentic, coordinated attack on financial institutions, cyber security operators will be able to more easily connect with one another than they might otherwise.

Launching fake threats helps people get to know who’s who within the cyber security community, making future phone calls or frantic email exchanges a smoother all-around experience.

For more on cyber conflict exercises and types of cyber attackers, visit the Wall Street Journal.