Longstanding NATO Partnership Strengthens Our Collective Cyber Defenses

Public-private partnerships must be a cornerstone of every organization's cybersecurity strategy in the current threat landscape. These collaborations enable entities worldwide to share threat intelligence and technical expertise to inform their defense efforts, helping them better prepare to thwart cyber adversaries. The result is that individual security teams can achieve far more through partnerships and collaboration than they could on their own.

As threat actors advance their operations-taking advantage of AI to enhance and speed all aspects of their attacks, turning to the dark web for neatly packaged and easily accessible exploit kits, and so much more-the traditional, siloed cybersecurity strategies of the past are glaringly ineffective against today's threats. Public-private partnerships bring private companies, academia, government organizations, nonprofits, law enforcement agencies, and others together to find opportunities to systemically disrupt global cybercrime at scale, not just to protect against the next novel threat but to understand the complex motivations of these cybercriminals and the "toy soldiers" that are recruited to do this work.

Partnerships don't just give defenders an advantage. These collaborations are necessary for protecting every organization's digital infrastructure. Given the importance of such efforts, Fortinet has a longstanding commitment to fostering public-private collaborations and actively participates in a variety of partnerships led by organizations such as the World Economic Forum, the Cyber Threat Alliance, International Criminal Police Organization (INTERPOL), MITRE, North Atlantic Treaty Organization (NATO), and others.

Our Ongoing Work with the NATO Industry Cyber Partnership

Fortinet has worked with NATO since 2016 as a member of the NATO Industry Cyber Partnership (NICP). NICP was created to facilitate the timely sharing of cyber intelligence and information security best practices.

Fortinet also regularly participates in cyber resilience exercises and events hosted by NICP, including the annual Locked Shields event and the NATO International Conference on Cyber Conflict (CyCon).

Locked Shields 2025: Building Cyber Resilience Together

Last month, the FortiGuard Labs team contributed to Locked Shields 2025 by advising on the exercise scenarios, which included crafting red-team attacks mimicking state-sponsored APT campaigns, exploiting living-off-the-land (LotL) techniques, deploying bespoke malware. In addition, blue teams used FortiGate Next Generation Firewall (NGFW) rulesets, FortiSandbox analysis for zero-day binaries, and dynamic policy updates via FortiManager-showcasing how integrated threat intelligence accelerates threat hunting and containment.

Now in its fifteenth year, this exercise is organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and is designed to test and improve the cyber defenses of NATO members using a realistic simulated environment. This year's exercise brought together more than 4,000 cyber experts from 41 nations to defend over 8,000 virtual critical systems while navigating additional real-world pressures. Beyond defending against these fictitious but complex cyberattacks-many of which featured evolving technologies like AI and quantum computing-defenders contended with related challenges that impacted their operations, ranging from disinformation campaigns to infrastructure issues to violations of sovereignty.

While the scoring aspect of the event helps practitioners benchmark and improve their skills, the true power of the exercise lies in the collective knowledge exchange. Building on the technical grit of live-fire defense, Locked Shields 2025 underscored that its greatest force multiplier isn't just firewalls and sandboxes-it's the collective brainpower of over 4,000 experts exchanging tactics in real time.

NATO CyCon 2025: Understanding the Complex Motivations of Cybercrime's "Toy Soldiers"

In addition to helping cybersecurity practitioners sharpen their defense skills and technical knowledge, many NATO exercises and events help defenders gain a stronger understanding of cybercriminal motivations and the psychology behind their efforts.

Financial gain is not always the primary motivation behind cyberattacks. The reality is far more nuanced, with many of these cybercriminal networks exploiting various social and economic pressures. Last week, I attended NATO CyCon 2025 and hosted a session on this topic. I decided to talk about a different aspect of attacks and cybercrime. Specifically, I discussed how threat actors are recruiting children and teens from conflict-affected nations and turning them into hackers. This talk was based on my personal experience and interaction with some real-life attackers. As a result of these conversations, I sought to understand what motivates them to cause harm and determine whether it's possible to solve (or at least understand) deeper underlying issues, such as the lack of opportunity and acceptance the individuals behind these attacks may be seeking. Understanding the people behind these threats may help us discern how they construct their attacks, and it gives us a better chance of defending against these efforts.

In recent years, our FortiGuard Labs team has observed a disturbing and growing trend, one in which established threat actors and nation-state sponsored groups recruit vulnerable youth from developing countries. In regions impacted by wars and economic hardship, children as young as 12 are often lured into the world of cybercrime, turning to this work with the aspiration to make money to buy necessities such as food and clothing.

My presentation explored how these "toy soldiers" are drawn into the digital domain. I also highlighted how understanding the true motivations behind these cyber operations rooted in survival and desperation can help us build more effective defense and support strategies. Gaining more insight into the human elements that drive cybercrime allows us to identify new ways to disrupt these networks and protect vulnerable populations.

Disrupting Cybercrime By Working Together

As security teams everywhere work to stay ahead of adversaries, collaboration has quickly become a vital component of every defense effort. Public-private partnerships and related activities-like the yearly Locked Shields exercises and engagement at CyCon-provide critical platforms for organizations across all industries and regions to share intelligence and refine response strategies against sophisticated threats. Fortinet is proud to be a longstanding partner of NICP, and we look forward to continuing our collaboration with NATO members and partner nations to disrupt cyberthreats, protect vulnerable populations, and build a more resilient global infrastructure.