By Wang Daning
The NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) kicked off the cyber operations exercise Crossed Swords 2024 in Tallinn, the capital of Estonia, in mid-December. The center announced that the exercise mainly focused on areas highly related to the Internet, aiming to understand how adversaries think and master offensive and defensive skills.
In terms of team composition, in addition to the attacking "Red Team", the defending "Blue Team", and the command and control group "White Team", there is also a "Green Team" to protect network hardware and infrastructure, and a "Yellow Team" responsible for cyberspace situational awareness. About 200 people from 40 countries (including NATO member states and non-NATO member states) participated in this exercise, and partners of the CCDCOE such as Accenture and Microsoft also took part.
NATO's cyber operations exercise Crossed Swords 2024 maintains several main features of the series of exercises.
First, it emphasizes the use of "mixed form" and "cross-domain" as a starting point to transform traditional combat thinking. The Crossed Swords series of exercises emphasizes the inclusion of traditional combat units and the simultaneous conduct of virtual and physical field exercises. This exercise continues to include special forces to strengthen the collaboration between special forces and cyber forces in the context of "multi-domain operations."
NATO believes that the boundaries between cyber and physical combat fields are gradually blurring. Although the importance of cyber warfare to future battlefields has been generally recognized, frontline commanders are still less familiar with cyber attack command and control procedures compared to their understanding of traditional weapon platforms. Frontline commanders often exclude cyber weapons and actions from the "combat toolbox" options, or regard physical and cyber warfare as separate combat methods and cannot use them interchangeably. The CCDCOE hopes to promote cooperation between traditional forces and cyber units through the Crossed Swords series of exercises, and change the combat thinking of frontline commanders by infiltrating "enemy" command and control systems or critical infrastructure.
Second, it enhances the capabilities and realism of the "Red Team" through role reversal and perspective-taking. The primary purpose of the Crossed Swords series of exercises is to train the specialized "Red Team" that plays the role of attackers in NATO's annual Locked Shields cyber defense exercises. In Crossed Swords 2024, the "Red Team" is divided into three groups: a user-end device attack team, an application attack team, and a network attack team. Members of these groups must adopt a role-reversal mindset to anticipate the techniques and methods that the defending "Blue Team" might use in real-world scenarios. This approach helps identify optimal attack strategies, enhances offensive capabilities, and increases the difficulty of the subsequent Locked Shields exercise.
Third, it helps advance the development of cyber warfare guidelines and legal norms favorable to NATO. According to NATO sources, a notable feature of the structural design of the Crossed Swords series of exercises is the establishment of a dedicated legal team. This team provides legal advice and analysis on potential legal disputes arising from cyber offensive and defensive operations. By simulating real-world decision-making processes, the team can predict the challenges that may confront cyber operations. During the exercise, participants not only engage in offensive and defensive activities targeting critical infrastructure and network systems but also address issues of "legitimacy." This approach aims to replicate the complexity of real-world conflicts to preemptively develop solutions. It is reported that the ultimate goal is to promote the formulation of cyber warfare guidelines and legal norms that benefit NATO.