The U.S. Cyber Command conducted Cyber Flag 21-1 exercise from November 15-20, its largest multinational cyber exercise to date, aimed to improve preparedness against threats from adversaries like Russia.
The exercise was held to bolster the defensive skills of more than 200 cyber operators from 23 countries at Joint Base Suffolk, Virginia. It supported national objectives of strengthening the international community of defensive cyber operation, and sought to improve the capabilities of the U.S. and its allies to identify, synchronize and respond to malicious cyberspace activities.
Defensive cyber teams from Canada, Denmark, Estonia, France, Germany, Lithuania, Norway, the Netherlands, Poland, Sweden, the United Kingdom and others participated in Cyber Flag 21-1. Fourteen countries participated in person and multiple other nations used USCYBERCOM's real-time virtual training environment.
"Threats in the cyber domain have no geographic boundaries, so the cyber threats that can confront any given country can easily spill into another country," Elizabeth Phu, Principal Director Cyber Policy for the Office of the Secretary of Defense, said.
She added that it is important for the U.S. to continuously train with our partners and allies. Understanding how they respond to threats helps the U.S. better leverage combined and joint responses.
"We are not going to be able to confront any cyber threat alone," Phu said.
Cyber Flag 21-1 is a U.S. response to the exploitation of SolarWinds to strengthen collective defense in cyberspace and affirm the importance of an open, reliable and secure internet.
"This was really part of the response actions to what we saw in Russian activities with malicious cyber actor's exploitation of SolarWinds," U.S. Navy Rear Admiral Heidi Berg, USCYBERCOM Director of Strategies, Plans, and Polices, said. "This exercise, bringing together our European allies, is a key element of how we will look to respond in the future. "
Using the National Cyber Range (NCR), a flexible virtual cyber training environment, the exercise tested participants' skills and ability to detect an enemy presence, expel it and identify solutions to harden their simulated networks.
"This is an important exercise because we bring our cyber operators here to have a scenario where they can train their defensive measures," German Vice Adm. Dr. Thomas Daum, Chief of the German Cyber Information Domain Service, said.
His team of 10 German cyber operators physically participated at Suffolk while using the National Cyber Range at the same time other countries trained on it from their home location.
During the final day of the exercise, participants and observers participated in a strategic cyberspace wargame, which focused on synchronization of policy, plans and force development across the spectrum of cyber conflict.
The wargame highlighted the value of international collaboration during events like Cyber Flag to increase coordination among nations and facilitate a common defense against malicious cyber actors.
Multinational training exercises like the Cyber Flag series enable cyber defense tacticians to share how they respond to a cyber incident and exchange tactics and techniques.
The Department of Defense is taking steps to incorporate additional allies into USCYBERCOM's training exercises. Cyber Flag 21-1 is an example of this expansion as cyber planners and operators from many nations come together and unite in a shared focus: defending their nation's networks against common threats.
"I think what this exercise says is, there are partner nations that will come together to try and prevent something like SolarWinds in the future," U.S. Coast Guard Rear Adm. Christopher Bartz, USCYBERCOM's Director of Exercises and Training. "It's a real statement to your adversaries about the unity of effort with the U.S. and its allies."
This exercise series also provides a recurring opportunity for USCYBERCOM to train with domestic and international partners against foreign hostile cyber threats, and deepen key partnerships with U.S. allies and partners.
Tailored Training for Integrated Deterrence
Cyber Flag 21-1 is one of three distinct cyber field training exercises that USCYBERCOM conducts annually, to provide realistic virtual defensive cyberspace training. The multinational exercise enabled collaboration through the National Cyber Range, using tailored and virtualized network terrain modeled to suit each of the participating military elements.
As a training environment, NCR enables DOD to conduct virtual, combined and joint cyberspace training, exercises, mission rehearsals, experiments and certifications. The environment uniquely enables a high degree of collaboration, development and assessment of U.S. and allied cyber tactics, techniques and procedures for defensive cyber missions that transcend boundaries and networks.
Cyber Flag 21-1 was the first time some nations used NCR to train in an environment that provided the operators hands-on experience in dealing with real-world problems—with the space and time to assess their success after the training, without the pressure of a large incident response.
"This is not a static failed system that they need to fix, but a dynamic exercise," Daum said. "So the opposing force that tries to crash the system gives an opportunity to our defensive operators to prevent an opponent from getting into the system."
While Cyber Flag 21-1 is just one exercise, it is part of a larger DOD effort toward integrated deterrence across all domains, including cyberspace. Increased cyber security awareness and training brings increased resilience against cyber-attacks around the world.
"We're raising all of our countries' awareness of the cyber threats out there, so we are better prepared," Phu said. "We are unlikely going to be able to prevent all cyber-attacks, what is important is how we detect the attacks and how we respond to the attacks. Exercises like Cyber Flag give us better tools to do so in the future."