全球最大網攻演習落幕,41國演練戰時守護電網與軍事系統
Locked Shields 2026, the world's largest live-fire cyber defense exercise organized by NATO CCDCOE, concluded on April 24th with 41 nations, 16 teams, and over 4,000 participants. The exercise simulated wartime cyberattacks on critical infrastructure including power grids, air defense, and military systems of a fictional country called Berylia. Latvia+Singapore, Germany+Austria+Luxembourg+Switzerland, and France+Sweden were the top three performing teams.
Summary
Locked Shields 2026 concluded on April 24th as the world's largest live-fire cyber defense exercise, organized annually since 2010 by NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE). The exercise has grown dramatically from its origins with just 4 countries and approximately 60 participants to its current scale of 41 nations, 16 teams, and over 4,000 participants.
The 2026 edition centered on a fictional nation called Berylia, which was portrayed as being attacked by a sophisticated hostile force seeking to undermine its sovereignty. To maximize realism, CCDCOE partnered with industry to incorporate actual hardware and industrial control systems, including a fully functional power generation system, 5G networks, satellite infrastructure, electronic voting systems, and combat command systems.
Over two days, 16 teams acting as rapid response units defended Berylia against approximately 8,000 real-time cyberattacks targeting these critical systems. CCDCOE Director Tõnis Saar highlighted that teams performed well in detecting and responding to malicious cyber activity, and emphasized that the growing role of AI is reshaping both offensive and defensive dynamics in cyberspace.
The top three teams recognized were: Latvia+Singapore in first place, Germany+Austria+Luxembourg+Switzerland in second, and France+Sweden in third. Exercise lead Dan Ungureanu stated that the ultimate goal of Locked Shields is to foster inter-nation collaboration, build mutual trust, and develop a shared understanding of how to strengthen resilience in cyberspace.
About this episode
全球最大實戰型網路防禦演習Locked Shields 2026已於4月24日落幕。本次演習集結了來自41國、16支隊伍及超過4000名參與者,模擬戰時情境下即時應對大規模網路攻擊,演練如何在電網、防空與軍事系統等關鍵基礎設施遭攻擊時維持正常運作。
Key Insights
- CCDCOE Director Tõnis Saar argued that AI is actively transforming the attack and defense paradigms in cyberspace, making it a central concern beyond just the technical exercise itself.
- The exercise incorporated genuinely real hardware and industrial control systems — including a working power generation system, 5G networks, and electronic voting infrastructure — to ensure the simulation reflected actual operational conditions rather than abstract scenarios.
- Locked Shields has grown from 4 countries and ~60 participants in 2010 to 41 nations and over 4,000 participants in 2026, illustrating a dramatic escalation in international investment in collective cyber defense.
- Exercise lead Dan Ungureanu framed Locked Shields' ultimate purpose not merely as a technical drill, but as a mechanism for building inter-national trust and a shared understanding of cyber resilience.
- The fictional Berylia scenario involved approximately 8,000 real-time cyberattacks delivered over just two days, suggesting the exercise is designed to stress-test rapid decision-making under sustained, high-volume attack conditions.
Topics
Transcript
全球最大實戰型網路防禦演習 Locked Shields 2026已於4月24日落幕 。本次演習集結了來自41國、16支隊伍及超過4000名參與者,模擬戰時情境下即時應對大規模網路攻擊,演練如何在電網、防空與軍事系統等關鍵基礎設施遭攻擊時維持正常運作。 Locked Shields是北大西洋公約組織(North Atlantic Treaty Organization,NATO)合作網路防禦卓越中心(Cooperative Cyber Defence Centre of Excellence,CCDCOE)在2010年起每年舉辦的實戰型網路防禦演習,從最初僅有4國、約60人參與,逐步擴大為全球規模最大的網路攻防演練,採取即時攻防(live-fire)設計,模擬國家在遭受持續網路攻擊甚至戰時情境下的應變能力。 Locked Shields 2026的演習 則是虛構了一個名為Berylia的國家,模擬它遭受到某個手段高明的敵對勢力的攻擊,目的是破壞該國的主權機制,為了確保演習的真實性,CCDCOE與業界合作,導入了真實的硬體設備及工業控制系統,包括一個功能完整的發電系統、5G網路、衛星、電子投票系統,以及作戰指揮系統等。 圖片來源/NATO CCDCOE 今年的演習模擬了真實且大規模的網路攻擊行動,由16支隊伍扮演各國的快速反應小組,在兩天內協助Berylia抵禦針對上述系統、約8,000次的即時網路攻擊。 CCDCOE主任Tõnis Saar表示,各隊必須在Locked Shields 2026的演習中充分展現自己的技能,保護那些維持人們日常生活運轉的資訊技術系統,各隊在偵測及應對惡意網路活動中表現出色,如今的重點則是將演習中的整體經驗應用到現實情境中,特別是隨著AI技術的不斷發展,也正在改變網路領域的攻擊與防禦模式。 CCDCOE也公布了在Locked Shields 2026演習中表現最出色的3個隊伍,分別是拉脫維亞+新加坡隊,德國+奧地利+盧森堡+瑞士隊,以及法國+瑞典隊。 負責該演習的Dan Ungureanu指出,Locked Shields的最終目標是促進各國之間的合作,建立彼此的信任,以及共同理解如何強化網路空間的韌性。
Full transcript available for MurmurCast members
Sign Up to AccessMore from iThome 新聞
【2026 企業資安大調查】一張圖看2026年一般製造業企業資安風險
The 2026 iThome CIO & CISO survey reveals that general manufacturing enterprises face more high-impact, high-risk threats than high-tech manufacturers, with 11 items in the first quadrant. The sector is rapidly adopting generative AI but lacks corresponding governance frameworks, making LLM-related risks particularly acute. Phishing, BEC, and ransomware remain top threats, while LLM data leakage has newly entered the critical risk zone.
cPanel重大漏洞出現濫用的概念驗證框架,全球網際網路尚有兩萬多臺伺服器遭駭
WebPros在4月28日修補cPanel/WHM的9.8分重大漏洞CVE-2026-41940,該漏洞允許未經身分驗證的攻擊者透過HTTP標頭CRLF注入獲取root權限。CISA隨即將其列入KEV清單,並於5月1日出現概念驗證框架cPanelSniper。Shadowserver基金會監測顯示,受影響IP位址從4月30日的4.4萬個降至5月1日的2萬餘個,美國、法國、德國為重災區。
對抗先進AI模型帶來的資安威脅態勢急速惡化,AI紅隊平臺新創廠商Armadin與兩大資安公司宣布合作
AI紅隊新創公司Armadin宣布與CrowdStrike及Palo Alto Networks策略合作,以應對先進AI模型(如Mythos與GPT-Cyber)帶來的急速惡化資安威脅態勢。合作重點分別聚焦於企業內部環境防護與外部攻擊面掌控,整合AI驅動的自主攻擊模擬與評估能力,協助企業在機器速度下完成過去需數週的滲透測試工作。
Ubuntu與Canonical網站疑似遭遇DDoS攻擊而停擺
2025年5月1日,親伊朗駭客組織「伊拉克伊斯蘭網路抵抗組織—313團隊」對Canonical與Ubuntu多個網站發動DDoS攻擊,導致服務中斷超過24小時。攻擊波及ubuntu.com、canonical.com等十餘個網站,涵蓋開發工具、資安API及入口網站。此次攻擊對全球開發者、雲端服務供應商及企業用戶造成重大影響。
Linux系統核心存在高風險漏洞Copy Fail,本機使用者能藉此奪取root權限,廣泛影響多個主流Linux版本
A high-severity Linux kernel vulnerability dubbed 'Copy Fail' (CVE-2026-31431) has been disclosed by security firm Theori, scoring 7.8 on the severity scale. The flaw, existing for 9 years, allows unprivileged local users to gain root privileges via a 4-byte controlled write exploit. It affects all Linux versions released since 2017, with patches available in versions 7.0, 6.19.12, and 6.18.22.