Largest US Multinational Cyber Exercise Focuses on Collective Defense

U.S. Cyber Command’s (USCYBERCOM) CYBER FLAG 21-1 exercise, its largest multinational cyber exercise to date, bolstered the defensive skills of more than 200 cyber operators from 23 countries at Joint Base Suffolk, Virginia, from 15-20 November.

Defensive cyber teams from Canada, Denmark, Estonia, France, Germany, Lithuania, Norway, the Netherlands, Poland, Sweden, the United Kingdom and others participated in CYBER FLAG 21-1. Fourteen countries participated in person and multiple other nations used USCYBERCOM’s real-time virtual training environment.

CYBER FLAG 21-1 directly supported national objectives of strengthening the international community of defensive cyber operation and sought to improve the capabilities of the U.S. and its allies to identify, synchronize, and respond to malicious cyberspace activities.

“Threats in the cyber domain have no geographic boundaries, so the cyber threats that can confront any given country can easily spill into another country,” said Elizabeth Phu, Principal Director Cyber Policy for the Office of the Secretary of Defense.

She added that it is important for the U.S. to continuously train with its partners and allies. Understanding how they respond to threats helps the U.S. better leverage combined and joint responses.

CYBER FLAG 21-1 is one of U.S. responses to the exploitation of SolarWinds to strengthen collective defense in cyberspace and affirm the importance of an open, reliable, and secure internet.

“This was really part of the response actions to what we saw in Russian activities with malicious cyber actor’s exploitation of SolarWinds,” said U.S. Navy Rear Admiral Heidi Berg, USCYBERCOM Director of Strategies, Plans, and Polices. “This exercise bringing together our European allies is a key element of how we will look to respond in the future. “

Using a flexible virtual cyber training environment, the National Cyber Range (NCR), the exercise tested participants’ skills and ability to detect enemy presence, expel it, and identify solutions to harden their simulated networks.

During the final day of the exercise, participants and observers participated in a strategic cyberspace wargame, which focused on synchronization of policy, plans, and force development across the spectrum of cyber conflict. The wargame highlighted the value of international collaboration during events like Cyber Flag to increase coordination between nations and facilitate a common defense against malicious cyber actors.

CYBER FLAG 21-1 is one of three distinct cyber field training exercises that USCYBERCOM conducts annually, designed to provide realistic virtual defensive cyberspace training. The multinational exercise enabled collaboration through the NCR, using tailored and virtualized network terrain modeled to suit each of the participating military elements.

As a training environment, NCR enables the Department of Defense to conduct virtual, combined, and joint cyberspace training, exercises, mission rehearsals, experiments and certifications. The environment enables a high degree of collaboration, development, and assessment of U.S. and allied cyber tactics, techniques, and procedures for defensive cyber missions that transcend boundaries and networks.

CYBER FLAG 21-1 was the first time some nations used NCR to train in an environment that provided the operators hands-on experience in dealing with real-world problems—with the space and time to assess their success after the training, without the pressure of a large incident response.