More than 275 cyber professionals from across the Defense Department, U.S. federal agencies, and allied nations are competing against a robust and dynamic opposing forces comprised of over 60 Red Team operators from the United Kingdom and United States in U.S. Cyber Command’s annual exercise, Cyber Flag 22.
This defensive cyber exercise provides realistic “hands on-keyboard training” against the activities of malicious cyber actors designed to enhance readiness and interoperability within the participating teams.
The more than 15 teams include Cyber Protection Teams (CPTs) from every “Five Eyes” allied nation. Additionally, Cyber Flag 22 includes an Intelligence Fusion Cell comprised of New Zealand, United Kingdom and United States intelligence professionals, which provide the CPTs with time critical information and insights during the exercise.
CPTs from CYBERCOM’s component commands (U.S. Army, U.S. Air Force, U.S. Marines and U.S. Coast Guard) are exercising with personnel from Joint Force Headquarters Department of Defense, Information Network JFHQ-C DODIN who are acting as opposing forces in the exercise.
These participants are the cyber operators who are called upon during real-world events to defend their organizations’ critical cyber infrastructure.
Teams work on compromised networks at fictional facilities with the goal to detect, identify, isolate and counter adversarial presence on their networks. As the exercise goes on, their decisions and activities build upon each other, either creating more challenges for the team, or enabling the team to employ more advanced and comprehensive defensive measures.
During the tactical execution, a Multinational Symposium and Table-Top Exercise took place separately, but in conjunction with Cyber Flag 22. Partner nation representatives were able to take part in seminars, round table discussions and working groups to formulate ideas around the concept of interoperability in training and exercises. While in attendance, they also were able to comment on the synergetic effect that exercises like Cyber Flag has on the community.
“It’s important that multiple nations participate and all recognize the principles and the important key factors of information sharing and learning from each other. The problems and challenges are common, and the solutions can also be common, so that’s the key,” said a Finnish officer who asked to not be named.
“I’m quite impressed with the setup, the resources and the focused work that U.S. Cyber Command has in line and the exercise; and I think we try to exercise with the best, so to say, I couldn’t find a better place to exercise and participate with, for me and my team,” said Swedish Maj. Gen. Thomas Nilsson, director Cyber Defense, Swedish Armed Forces.
To increase the complexity of the exercise scenario, teams are prohibited from directly collaborating with each other until the scenario allows for cross communication. However, they are encouraged to use every tool their organizations utilize during real-world-missions, when defending their networks.
Building off the success of previous exercises using Persistent Cyber Training Environment PCTE, Cyber Flag 22’s virtual training environment is nearly five times larger than previous exercises.
Cyber Flag 22 currently is operating at CYBERCOM’s DreamPort facility in Columbia, Maryland as well as remotely across nine time zones and five countries from July 20-August 12, 2022.
Cyber Flag will occur in two iterations, Cyber Flag 22 in July and Cyber Flag 23 in October. The planning for the October exercise is still ongoing.