Organized jointly by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and CERT.LV, Crossed Swords has evolved from a purely technical red teaming workshop into a one of a kind training event, combining different technical skills with kinetic force and taking place in several locations simultaneously. The exercise plays out a number of mutually intertwined kinetic and cyber operations. The focus is on advancing cyber Red Team members’ skills in preventing, detecting and responding to an adversary in the context of a full-scale cyber operation.
“The primary training audiences are cyber Red Teams, but also SOF, and the most a recent addition, a command module,” said the Director of CCDCOE Colonel Tarien. “Crossed Swords is unique in combining multidomain with multinational. This year’s Crossed Swords practiced a realistic cyber enabled joint operation. The setting is highly experimental, yet authentic and challenging.”
“For the first time in exercises’ history we had six nations working together as the Cyber Command element: the command function was fully integrated into technical and kinetic gameplay,“ Lauri Luht, the Director of Technical Exercises at the CCDCOE, concurred. “In technical exercises the training audience is not expected to have 100% success rate. The main task and lesson is to understand the coordination between multiple disciplines. At Crossed Swords, we link cyber elements with conventional force,” Luht explained.
Crossed Swords as a technical cyber exercise focuses on training penetration testers, digital forensic professionals, and situational awareness experts, among them many, who will take up a role in the Red Team at the forthcoming Locked Shields 2020 exercise. As a joint tactical exercise it brings technical experts, data collection experts and Special Forces operators under the same command working for a united goal. Altogether the exercise welcomed 26 nations and more than 120 participants.
“The participants have to make decisions about the means to achieve effects. The process of figuring out the optimal approach is instrumental in learning to operate as a joint force. At Crossed Swords, the participants have freedom to experiment and a licence to fail – this is how the learning takes place,” said Dr Rain Ottis, the Head of Exercise Control.
“Fail, fail again, fail better,” summarized Dr Bernhards Blumbergs, the exercise founder and technical director, a cyber security expert from CERT.LV. “Training tasks such as attribution and the collaboration of units from very different fields and nations with integrating sub-teams, are meant to push participants out of their comfort zone. This is when learning happens.”
The exercise benefits largely from having industry partners on board and providing hands on integration of military and industry technology. Their technology and know-how are of key importance to make the endeavour authentic and similar to real world challenges. This year’s training event integrated a water purification system and a specialized communication network to name just a few.
The exercise was organized jointly by the NATO CCDCOE, a NATO-accredited cyber defence hub in Tallinn, and CERT.LV, the Information Technology Security Incident Response Institution of the Republic of Latvia, in partnership with the Latvian Cyber Defence Unit, Cyber Command of the EDF, Latvian National Armed Forces Joint HQ, NSHQ, Singapore University of Technology and Design, CybeXer Technologies, Greycortex, Stamus Networks, Latvian Mobile Telephone (LMT), Evolution Gaming and Thinnect.