Airbus supports NATO Locked Shields Exercise

As industry representatives, we are participating in Locked Shields 2026 – NATO's largest and most complex live-fire cyber defence exercise, with more than 4,000 participants from over 40 nations. This is a strong signal: our expertise matters on the international stage.

Locked Shields is an annual cyber defence exercise conducted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). The exercise simulates a realistic, large-scale cyber conflict - with real attack tools, real time pressure, and real consequences (albeit within a controlled environment). Airbus Defence and Space Cyber is supporting one of the teams - consisting of Germany, Austria, Luxembourg, and Switzerland - with two cyber defence solutions during this year's Locked Shields. The exercise is widely distributed in different locations; 'our' team is training in Kalkar, Germany.

Participating teams, known as 'Blue Teams,' must defend national infrastructures such as energy supplies, communication networks, and military systems against thousands of coordinated cyberattacks. In doing so, they test not only technical skills but also legal decision-making, strategic communication, and performance under extreme pressure.

Our role as industry representatives 

As a defence company with one of its focus being on cybersecurity, we bring real operational expertise to the exercise. We work side by side with national teams, academics, and defence experts from all over the world on the same demanding scenarios. Upon completion, we will internally utilize the insights, experiences, and concrete lessons learned—because the best part of such exercises is that the knowledge flows into our daily work and the improvement of our products. 

Our contribution: Orion Malware and PropheCy

With Orion Malware, we are providing a platform for advanced malware analysis. Its goal is to identify malicious files that traditional antivirus programs frequently overlook. Orion Malware utilizes a combination of static analysis (examining code without execution) and dynamic analysis (executing the file in a secure environment, known as a sandbox). This allows Orion Malware to detect even zero-day threats that have never appeared anywhere before. At the same time, our solution is undetectable by viruses. This offers an enormous advantage, as many malicious programs "hide" or shut down when they realize they are being observed. Orion Malware is primarily used in SOCs (Security Operation Centers) to, for example, inspect email attachments.

Our second solution on-site is PropheCy, a SOAR system (Security Orchestration, Automation and Response). It serves as the control center for cyber analysts, centralizing alerts from various sources such as firewalls or our Orion Malware. In doing so, it does not just display typical lines of code, but creates graphs that show how different attacks or alerts are interconnected. In addition to visualization, the automation of routine tasks is a major advantage of PropheCy. If a known attack type is detected, PropheCy automatically initiates countermeasures. This could include, for example, suspending a user or blocking an IP address.

“The threat landscape no longer makes a distinction between the military, the economy, and civil society—which is why our participation in Locked Shields is not a showcase for us, but a matter of course,” emphasizes Andreas Reinecke, HO Defence Digital & Cyber Sales. “Here, we demonstrate that through our products and solutions, we are significantly shaping the future of military and societal cybersecurity and are a close partner to our armed forces and authorities.”

The steadily growing Locked Shields exercise over the years shows that the topic of civilian and military cybersecurity is a high priority for NATO. In this domain, it is about acting quickly and invisibly and always staying one step ahead of the enemy. Airbus has the capabilities to enable exactly this kind of agility for our customers.