The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) ran the Crossed Swords 2017 technical red teaming exercise earlier in February and included a cyber-kinetic engagement for the first time, the center said Feb. 27.
The Crossed Swords exercised focused on developing the tactical execution skills in a responsive cyber defense scenario. The 2017 event featured an element of a cyber-kinetic engagement for the first time in such a setting, the CCDCOE said.
Based on a military cyber operation, the scenario had penetration testers, digital battlefield professionals, and members of Special Forces tasked with regaining control over a specific military system.
“This one-of-the kind cyber-kinetic engagement meant that Special Forces were used to retrieve physical evidence, including electronic equipment and data storage devices, as they would in a realistic mission in cooperation with battlefield digital forensics professionals,” Aare Reintam, exercise director at the NATO CCDCOE, said in a statement.
Reintam noted technical cyber defense exercises usually train information system defense but this can only be done with a real-time deployment of opposing forces played by security specialists and penetration testers. Crossed Swords focuses on these exercise opponents, usually known as Red Teams.
Crossed Swords is the sister exercise of Locked Shields, the largest and most advanced international technical cyber defense exercise in the world, the CCDCOE said. Crossed Swords trains the various penetration testers, digital forensics professionals, situational awareness experts, and monitoring specialists that become the attacking Red Team at Locked Shields.
“Crossed Swords 2017 trained evidence gathering and information analysis for technical attribution as well as identifying and stopping,” the CCDCOE said.
Crossed Swords 2017 was organized by the CCDCOE, a NATO-accredited Tallinn, Estonia-based knowledge hub and training facility that focuses on interdisciplinary applied research and development concerning cyber security. Owned, staffed, and financed by the center’s member-nations, the CCDCOE is an independent organization.
Several CCDCOE member nations, U.S. European Command (EUCOM), the High Tech Crime Institute, Cymmetria, SpectX, BNC Laboratory, Tallinn University of Technology, and others contributed technology and expertise to the exercise.