TALLINN, Estonia -- Cyber defenders from the Maryland Air National Guard partnered with Estonian Defense Forces Cyber Command and Poland Cyber Command to facilitate a multi-national cyber exercise based at operating locations in Tallinn, Estonia, and Warsaw, Poland, as part of the U.S. Army’s Exercise Defender 24, May 4-16, 2024.
More than 50 Airmen from the 175th Cyberspace Operations Group and more than 85 service members from Poland, Estonia, Norway, Finland, and Sweden participated in the cyber exercise, which implemented scenario planning and tactics to protect and secure simulated supervisory control and data acquisition – commonly referred to as SCADA – systems and infrastructure (e.g., electricity, water, facilities, etc.) from cyber attacks.
Cyber operators used the exercise as an opportunity to leverage and improve their joint knowledge and operations in cyber scenarios that could pose potential threats if replicated in a real-world scenario.
“This exercise has been an excellent opportunity to increase our strategic readiness and interoperability by working with our NATO partners in preparation for real-world scenarios,” said Maryland Air National Guard Capt. Kimberly Castellano, 275th Operations Support Squadron intelligence officer and Maryland’s lead planner for the exercise. “It allows us to have interoperability and joint effort in not only training, but also ensures that what we do in the U.S. can potentially be applied in different areas of responsibility.”
The exercise was designed to simultaneously train the blue team (defensive cell) and the red team (offensive cell) in separate locations. Poland Cyber Command hosted blue team operations in Warsaw, while the Estonian Defense Forces Cyber Command hosted red team operations in Tallinn. The blue team was tasked with defending a simulated network from attack, while the red team attempted to cause disruptions to operations via unauthorized access, emulating an adversarial cyber threat in the network. The white cell monitored the exercise and ensured that both teams were following the rules.
For the exercise scenario, the Maryland Air National Guard provided a training range that emulated military installation infrastructure for the Joint Reception. Staging, Onward Movement, and Integration (JRSOI) process of allied forces in Europe, including elements such as closed-circuit television, heating, ventilation and air-conditioning (HVAC), and power. The red team’s primary objective for the exercise was to target simulated HVAC systems, but also focused other JRSOI network enclaves in order to amplify degradation of operations. The blue team responded by detecting the disruptions and promptly implementing the necessary measures to restore functionality of the simulated HVAC systems and safeguard the JRSOI environment from further harm.
Having the teams in separate locations was intentional to simulate the operational environment in real-world cyber intrusions. As cyber threats continue to escalate in complexity and frequency, the operational synergy between allies, irrespective of physical boundaries, is a critical part of safeguarding the integrity, availability and confidentiality of digital assets in an interconnected world.
“Our adversaries are not always operating in the same location or the same time zone as the networks they attack,” said Maryland Air National Guard Master Sgt. Martin Bartkowski, 275th Operations Support Squadron cyber operations. “Working across borders and time zones also allows us to test our processes and procedures, and more importantly, exercise our communications to ensure we have interoperability with our partners and our geographically separated teams. Having solid communication is a major key to success.”
In addition to joint operations testing, the exercise brought partner nations together for joint training opportunities, focusing on sharing best practices in cyber defense, streamlining procedures and protocols, and general collaboration and partnership across teams and participants.
“Opportunities like this allow us to amplify our strengths and forge a resilient network of collaboration that transcends borders,” said Maryland Air National Guard Lt. Col. Christopher Quinlan, 276th Cyberspace Operations Squadron commander, who provided training for the mission planning team. “The more joint training and exercises we do, the better we become. Not only does it help us to enhance efficiency and ensure consistency in operations with our allies and partners, but it also gives us the opportunity to adapt to other cultures and build relationships with our international counterparts.”
Though the exercise was facilitated as a component of Defender 24, it was also a follow-up training opportunity to exercise Baltic Blitz 23 from the previous year, a similar trilateral cyber exercise between the U.S., Poland, and Estonia, using blue and red teams to secure simulated rail transportation systems from cyber attacks.
The Maryland National Guard and Estonia continue to build on their mutually beneficial partnership of more than 30 years through the National Guard Bureau’s State Partnership Program. The security cooperation in cyber and other capabilities has grown beyond military training events to include civilian engagements.
Exercise Defender 24 is the largest U.S. Army exercise in Europe to date and includes more than 17,000 U.S. and 23,000 multinational service members from more than 20 allied and partner nations. Defender 24 is focused on the strategic deployment of continental, U.S.-based forces and interoperability with allies and partners at exercise locations across 13 European countries. It seeks to deter adversaries, transform operational mission command, build readiness, and strengthen the NATO alliance.
Defender 24 is also a component of Exercise Steadfast Defender 24, NATO's largest military exercise since the Cold War. It includes more than 90,000 troops from all 32 NATO allies. Steadfast Defender 24 mobilizes North American troops across Europe to exercise with European forces, which demonstrates NATO's ability to defend every inch of its territory, and the commitment by NATO allies to protect each other from any threat. It underscores the unbreakable bond between NATO allies in Europe and North America, who have kept over one billion people safe for 75 years.