By Wang Daning

王大宁

The NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) kicked off the cyber operations exercise Crossed Swords 2024 in Tallinn, capital of Estonia in mid-December. The center announced that the exercise mainly focused on areas highly related to the Internet, aiming to understand how adversaries think and master offensive and defensive skills.

12月中旬，北约合作网络防御卓越中心在爱沙尼亚首都塔林举行代号“十字剑2024”的网络作战演习。该中心发布消息称，此次演习主要聚焦在与网络高度相关的领域进行演练，旨在了解对手的思考方式并掌握攻防技能。

In terms of the formation of the participants, in addition to the attacking "Red Team", the defending "Blue Team", and the command and control group "White Team", there is also a "Green Team" to protect network hardware and infrastructure, and a "Yellow Team" responsible for cyberspace situational awareness. About 200 people from 40 countries (including NATO member states and non-NATO member states) participated in this exercise, and partners of the CCDCOE such as Accenture and Microsoft also participated.

参演人员在编组设置方面，除攻击方“红队”、防守方“蓝队”、指挥控制小组“白队”外，还设置了保障网络硬件与基础设施的“绿队”，以及负责网络空间态势感知的“黄队”。本次演习有来自40个国家（包括北约成员国及非北约成员国）的约200人参演，北约合作网络防御卓越中心的合作伙伴，如埃森哲公司、微软公司等也参与其中。

NATO's cyber operations exercise Crossed Swords 2024 maintains several main features of the series of exercises.

北约“十字剑2024”网络作战演习，延续了该系列演习的几个主要特点。

First, it emphasizes the use of "mixed form" and "cross-domain" as a starting point to transform traditional combat thinking. The Crossed Swords series of exercises emphasizes the inclusion of traditional combat units and the simultaneous conduct of virtual and physical field exercises. This exercise continues to include special forces to strengthen the collaboration between special forces and cyber forces in the context of "multi-domain operations."

一是强调以“混合形态”的“跨域”演练为抓手转变传统作战思维。“十字剑”系列演习强调纳入传统作战单位，同时进行虚拟与实体领域的演练。本次演习继续纳入特种部队参加，旨在加强“多域战”背景下特种部队和网络部队的协作。

NATO believes that the boundaries between cyber and physical combat fields are gradually blurring. Although the importance of cyber warfare to future battlefields has been generally recognized, frontline commanders are still less familiar with cyber attack command and control procedures compared to their understanding of traditional weapon platforms. Frontline commanders often exclude cyber weapons and actions from the "combat toolbox" options, or regard physical and cyber warfare as separate combat methods and cannot use them interchangeably. The CCDCOE hopes to promote cooperation between traditional forces and cyber units through the Crossed Swords series of exercises, and change the combat thinking of frontline commanders by infiltrating "enemy" command and control systems or critical infrastructure.

北约认为，网络与实体作战场域的界限正逐渐模糊。尽管网络作战对未来战场的重要性已获得普遍认可，但一线指挥官对网络攻击指控程序的掌握程度，仍比不上对传统武器平台的熟悉程度。一线指挥官经常把网络武器与行动排除在“作战工具箱”选项之外，或者将实体作战与网络作战视为各自独立的作战方式，不能将二者交互运用。北约合作网络防御卓越中心希望通过“十字剑”系列演习，推动传统部队与网络单位的合作，通过渗透“敌方”指挥控制系统或关键基础设施，改变一线指挥官的作战思维。

Second, it enhances the capabilities and realism of the "Red Team" through role reversal and perspective-taking. The primary purpose of the Crossed Swords series of exercises is to train the specialized "Red Team" that plays the role of attackers in NATO's annual Locked Shields cyber defense exercises. In Crossed Swords 2024, the "Red Team" is divided into three groups: a user-end device attack team, an application attack team, and a network attack team. Members of these groups must adopt a role-reversal mindset to anticipate the techniques and methods that the defending "Blue Team" might use in real-world scenarios. This approach helps identify optimal attack strategies, enhances offensive capabilities, and increases the difficulty of the subsequent Locked Shields exercise.

二是通过换位思考强化“红队”的能力及仿真程度。“十字剑”系列演习的主要目的，是为北约“锁盾”年度网络演习培养专门扮演攻击者角色的“红队”。本次演习将“红队”分为3组：用户端设备攻击小组、应用程序攻击小组和网络攻击小组，各小组成员均须“换位”设想，预测网络防守方“蓝队”在真实场景中会用到的技术和方法，找出最佳进攻模式，从而提升攻击能力，增加后续“锁盾”年度网络演习的挑战性。

Third, it helps advance the development of cyber warfare guidelines and legal norms favorable to NATO. According to NATO sources, a notable feature of the structure design of the Crossed Swords series of exercises is the establishment of a dedicated legal team. This team provides legal advice and analysis on potential legal disputes arising from cyber offensive and defensive operations. By simulating real-world decision-making processes, the team can predict the challenges that may confront cyber operations. During the exercise, participants not only engage in offensive and defensive activities targeting critical infrastructure and network systems but also address issues of "legitimacy." This approach aims to replicate the complexity of real-world conflicts to preemptively develop solutions. It is reported that the ultimate goal is to promote the formulation of cyber warfare guidelines and legal norms that benefit NATO.

三是推动制定有利于北约的网络作战准则和法律规范。北约消息人士指出，“十字剑”系列演习参演编组设计上的一大特点在于，单独设立一个法律小组，负责为网络攻防可能引发的法律争议，提供法律咨询与分析，通过模拟现实决策过程，预测网络作战可能面临的挑战。演习过程中，参演人员除对关键基础设施与网络系统进行攻防外，还需解决“合法性”方面的问题，从而尽可能模拟现实冲突的复杂性，并预先制定解决方案。报道认为，其最终目的是推动制定有利于北约的网络作战准则和法律规范。