(Shutterstock)
Evolving cyber defence: NATO’s CCDCOE seeks closer industry ties
DSEI Gateway speaks with the head of the centre, a year into the job, about widening industry involvement and how the evolving cyber security domain is shaping its work.
18 JUN 2026
By
Gerrard
Cowan
Experienced Freelance Defence & Finance Journalist
Cyber defence is a vital part of any military, yet it often does not receive the attention it deserves. Software is frequently the first element of a military product to be targeted, making robust cyber security essential.
Headquartered in Tallinn, Estonia, NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) is one of the alliance's leading providers of cyber defence training and research, running large-scale exercises that test resilience, while allowing companies to trial their technology in realistic scenarios.
The centre has seen growing interest in its exercises from companies across a range of sectors, providing industry with an "electronic marketplace" to showcase their systems to government customers.
Director of CCDCOE Tõnis Saar. (CCDCOE)
As he nears the one-year anniversary of his time in charge, CCDCOE director Tõnis Saar told DSEI Gateway about the benefits participation offers companies, and explained how the evolving battlespace and cyber security domains are shaping the centre's work.
What is CCDCOE?
All NATO allies are members of the centre. In addition to these 32 ‘sponsoring’ nations, there are seven contributing participants from outside the alliance, including Ukraine.
While the centre conducts a broad range of training and research activities, it is perhaps best known for two flagship exercises: Locked Shields – the world’s largest live-fire cyber defence exercise – and Crossed Swords, which focuses on operational-level military command elements with a particular focus on developing offensive capabilities and countermeasures.
Benefits all round
Contributors support CCDCOE exercises in a range of ways, Saar explained. For example, they can provide the military access to the types of software tools and applications used in real life to control and operate critical national infrastructure.
Additionally, it allows defence and dual-use companies the chance to demonstrate their software and cybersecurity tools to potential military customers.
Considering the advantages it offers, the centre is calling for increased industry involvement in its exercises.
Locked Shields 2026 - the world's largest international live-fire cyber defence exercise. (CCDCOE)
Ultimately, the aim is that companies will make robust contributions to the exercises, from which they can also benefit, rather than simply being “logos on the wall”, Saar said.
Much of the focus has been on protecting critical national infrastructure, though the CCDCOE is keen to expand the representation of military systems in future exercises, such as the air defence system used in this year’s exercise.
Defence systems are increasingly software-based, Saar noted, blurring the line between hardware and software.
This matters because software is often the first part of a military product to be targeted, he added. It must not only be cyber-secure, but also integrate securely with the wide range of other software systems in use by a typical military customer.
This is one of the benefits of the exercises, he said: Locked Shields and Crossed Swords help companies prove that their software meets the required standards for security and for integration with other military systems and software applications.
Electronic marketplace
There are also potential business and marketing opportunities, he added. Locked Shields is a kind of “electronic marketplace”, Saar said, allowing companies to demonstrate their systems to military and government participants.
“They can try them out and decide if they would like to start negotiating with the companies to purchase the extra tools.”
Director of CCDCOE Tõnis Saar
Government and military participants can also compare their existing cybersecurity tools against the options available at the exercise.
Additionally, industry participants can ask these potential customers for feedback that could help improve their products in future.
Increased interest
Recent directors of the centre have called for greater industry involvement in its activities, particularly in Locked Shields, arguing it benefits the exercise itself, the governments involved and the companies that take part.
The centre has been successful in widening industry involvement, Saar said. For example, Locked Shields 2025 featured around 80 industry partners, while this year’s event – which took place in April – included more than 100.
The participants were deployed to assist ‘Berylia’ – a fictional NATO ally. (CCDCOE)
The latest exercise took place over the course of a working week, with participants taking part in ‘active’ elements for three days.
Participants played the role of a multinational Rapid Reaction Team, deployed to assist ‘Berylia’ – a fictional NATO ally – that was enduring 8,000 real-time cyberattacks on everything from power grids to battle management systems.
Industry contribution in the exercise was strong, attracting major IT companies, specialist software firms, and defence companies.
As with previous iterations of Locked Shields, it involved a mix of private and state-owned organisations, including involvement from SMEs.
This year, participants included technology giant Siemens; Mattermost, a developer of collaborative workflow and automation tools; and cybersecurity specialist Bitdefender. Previous iterations have featured SMEs ranging from Rocket.Chat, provider of a secure communications platform for defence and other critical infrastructure, and Helheim Labs, a small Finnish AI research and security company.
While Crossed Swords is a smaller exercise, it has also seen a range of industry involvement; for example, the 2025 version was supported by Sekoia, which provides a security operations centre platform to help organisations address cyber threats. Other partners included Crowdstrike, Exein, Starmus Networks and many more.
Mutual benefits
One of Saar’s main priorities has been navigating the centre through a highly volatile environment, notably defined by the war in Ukraine. He also pointed to the need to support NATO’s ambition to be ready for multi-domain operations by 2030.
Siemens was a major contributor to this year’s exercise. (CCDCOE)
The scenarios in Locked Shields and Crossed Swords must remain relevant in this environment, he stressed, particularly given the rise of AI tools capable of not just discovering vulnerabilities, but of writing the exploits.
This is especially relevant given Anthropic’s ‘Mythos’ AI model, which is said to be highly skilled at cyber security and hacking tasks, outperforming developers. The company has held back its release, considering the risks it poses to organisations.
Recognising these new AI challenges, CCDCOE is planning to have discussions with industry to adapt its exercises for this challenge.
“We are trying to find a mutually beneficial approach so the training audience can gain experience of the products that are available and at the same time the companies can gain feedback on the user experience.”
Gerrard
Cowan
Experienced Freelance Defence & Finance Journalist
Gerrard Cowan is a freelance journalist and editor who focuses on finance, technology, and aerospace and defence. His work has appeared in a wide range of titles, including The Wall Street Journal, Janes Defence Weekly, AvBuyer and more.