During the "Lock Shield 2024" exercise, participants are demonstrating how to help attacked countries resist cyber attacks. From April 22nd to 26th, NATO held the "Lock Shield 2024" cybersecurity exercise in Tallinn, Estonia. The scale of this exercise is the largest in history, with a more practical background, content design, and military strategy. It is referred to by foreign media as a "systematic offensive and defensive confrontation carried out on an invisible battlefield in cyberspace.". Compared to previous years, this exercise has more highlights. NATO announced the list of participating forces one week in advance and publicly disclosed some exercise scenarios, releasing a deterrent effect in the field of cyber armaments. Invisible Battlefield Materialization This exercise is hosted by the NATO Collaborative Network Defense Excellence Center, with over 4000 experts in the field of cyber warfare and intelligence from more than 40 countries forming more than 20 teams, conducted in a red blue confrontation mode. The exercise is the first to materialize the cyberspace battlefield, which is a major form of warfare in major country competition or group confrontation for full process training. The background of the exercise is that a NATO ally named Berelia applied to NATO for support from the Network Rapid Response Team after being attacked by a cyber attack. During the "shaping" phase of the exercise, the Red Party, acting as a destructive force, completed the formation in Tallinn, Estonia, set up a combat control unit, and was responsible for commanding various attack teams to conduct simulated attacks on the target network, and synchronously conducting basic training such as vulnerability scanning, attack probing, and Trojan horse implantation. The blue side is composed of several multinational joint teams, responsible for defense and counterattack tasks. For example, the team composed of Germany and Ireland is mainly responsible for dealing with fake news. Under the command and coordination of the NATO Collaborative Network Defense Excellence Center, the defense side establishes a network defense operations center, responsible for coordinating communication and intelligence support forces, enhancing cyberspace situational awareness, and providing recommendations for various team combat operations. During the exercise, the United States took the lead in the entire exercise process, and each team jointly developed an action plan on the common operational platform provided by the United States. Among them, the US participating team is responsible for creating a cyber warfare environment and information gathering nodes, and has also formed an independent Blue Army team of 120 personnel from units such as the US Defense Information Systems Agency and the Cyberspace Command. After the normalization of system confrontation, the exercise enters the stages of "seizing initiative," "control," and "stability" after both the red and blue sides have completed the preset and deployment. After conducting a rating evaluation of the target network, the Red Party took the lead in launching an attack, dividing it into six attack teams and conducting network destruction operations within five days according to the threat hierarchy of "virus implantation, threat activation, access maintenance, network interference, network degradation, and denial of attack". The blue side adjusts its defense level based on real threats and synchronously coordinates with intelligence, information, and local resources to respond. Among them, in the "activation threat" stage, the red side directly uses ransomware to pull the blue side into a receiving state. In the stages of "maintaining access" and "network interference", red party personnel carry out "horizontal expansion attacks" by adding malicious users, and cause major web pages to crash by continuously accessing critical systems and networks. In the above steps, the blue side mainly carries out threat assessment, network defense, and