Last weekend, over 120 cyber experts from 26 nations came together in Riga, Latvia, to plan and execute a joint defense operation after military forces from the state of Crimsonia were deployed to attack the nation of Berylia. The goal? To disable the air defense system of the occupying forces. The means? In the style of modern warfare, a mix of cyber and material tools.
The reason that the offensive did not make headlines, however, is that it was a fictitious attack. The made-up plot was in fact a red-team exercise staged by the Cooperative Cyber Defense Centre of Excellence (CCDCOE), a NATO-accredited cyber-defense hub, and Latvian IT security organization CERT.LV, in an effort to make experts around the world better at defending national IT systems.
The exercise, dubbed Crossed Swords, has been an annual event since 2016. This year, the event put a strong emphasis on the need to integrate cyber expertise with military forces. Among the participants were digital forensics professionals and data-collection experts, but also special forces operators.
Director of CCDCOE Colonel Jaak Tarien told ZDNet that the exercise was created to add cyber operations to the military toolbox: "Cyber is a domain of military operations and we needed a place to experiment the integration of cyber into contemporary battlefield operations," he said.
"We feel this is the missing piece of existing tactical level exercises; there are either kinetic, or cyber exercises, but we are not aware of an integrated exercise outside Crossed Swords."
Participants collaborated to design a common strategy to help the friendly – and imaginary – state of Berylia. They tried and tested various cyber-kinetic operations, targeting physical military and industrial systems via digital means. This could include challenging security systems, UAVs, or maritime surveillance systems, for instance.
Since last year, the CCDCOE experts masterminding the exercise have added a simulated cyber-command unit to the game, made up of six participating nations, and modeled on real-life entities such as the US's cyber-command unit. A unit within the Department of Defense, the cyber command directs, synchronizes and coordinates cyber operations related to the US's information security environment.
Lauri Luht, the director of technical exercises at CCDCOE, told ZDNet that the command unit was an example of how traditional military methods could be applied to different, and new, types of operation.
"This year, the mission itself, and all the associated tasks, required close collaboration," he said. In the next iterations of the game, he added, improving the command unit to better communicate between experts covering different fields will be one of the main targets.
The experts who participated in this year's Crossed Swords exercise are likely to also take on a role in Locked Shields, another annual cyber-defense game organized by the CCDCOE involving a larger audience of up to 1,200 security experts.
Luht stressed that although it might sound counter-intuitive, the objective of those exercises is not to win. The whole point, in fact, is that the field is so young that there is probably no established way to come out a champion.
"As far as we know, and contrary to other industries, there is no 100% established guideline, routine or doctrine on how cyber should respond to attacks," he said. "The exercise is experimental; it is made for experts to have a go at solving the problems we give to them."