The largest NATO cyber defence exercise this year was affected by COVID-19 pandemic too. However the Allied Command Transformation (ACT) successfully organised the Exercise Cyber ​​Coalition 2020 from 16 to 20 November 2020. The 13^th exercise in the row gathered more than 1,000 participants from 30 Allied nations, four partner countries, the European Union institutions and the industry and academic community.

The Exercise was managed from the NATO Cyber Range in Tartu, Estonia. And conducted at various locations in the participating countries, Croatia included. The national authority was the Cyberspace Command of the General Staff of the Croatian Armed Forces. A team of 20 members of the Croatian Armed Forces conducted their activities in the Barracks “1. Gardijska brigada Tigrovi – Croatia” in Zagreb. They had previously taken a preparation workshop and familiarised with the cyber range in Tartu, and during that time the communication channels with the participating NATO bodies had been tested.

The importance of NATO’s largest cyber defence exercise, with a participation of members of the Croatian Armed Forces too, is evident from the basic objectives – upgrading the coordination and cooperation and strengthening the capabilities of NATO and partner countries in the protection of its cyberspace.

Specific expertise  

The group is manned mostly by members of the Cyber Operations Centre of Cyber Operations Centre, whose daily tasks consist in cyber security and threat response. They possess specific technical expertise, conduct digital forensics and analyse malicious codes

They are accompanied by a group of range administrators and by the members of the Self-standing Military Police Sector of the Ministry of Defence, who act as liaison with the Ministry of the Interior, and the members of the Military Security and Intelligence Agency, who are also assigned with forensics and analysis, and the members of the General Staff Operations Centre as role players”, says the Exercise Controller Captain Darko Brežnjak, who also underlined that the main scenario involved a NATO-led peacekeeping mission and engaged a number of international and state civilian institutions. Put briefly, the Cyber ​​Coalition 20 exercise entailed the testing of operational and legal procedures, intelligence exchange and co-work with industry and partners.

As we learned during our visit to the Exercise participants, the Exercise scenarios are fairly dynamic – designed and tailored to the current situation and possible threats in the area of ​​operation of the armed forces of any of the participating countries. Scenarios are released from the centre in Tartu to the national participants. The participants may be asked to provide defence against malware, solving hybrid challenges which comprise social media and social engineering, responses to attacks to mobile devices or applications. The participants are also requested to detect attacks, establish facts and provide feedback on the detected malicious activity and how the malicious code affected other participants. The exercises of the kind are highly important for all participants as they hone skills necessary in the event that some of the scenarios occur in real life.

 The training groups are not familiar with the scenarios and are expected to detect potential cyber threats. The scenarios are designed to recreate an atmosphere and realistic events associated with hacker and state-sponsored cyber-attacks on vital national infrastructure and civilian and military IT equipment. Captain Tomislav Murat as Incident Handling Officer in the Exercise had little time to make a statement given the fast pace of the Exercise. “We are exposed to high pressure and adrenaline. We have just had a situation where a user noticed a potentially risky process. The incidents from Tartu and Zagreb that call for a reaction succeed one after other. The participants need to investigate them properly, establish all the facts but also need to react quickly”, says Capt. Murat, who commended the performance of his staff and said they had enough time to prepare and did it well. “We always insist on including as many new personnel as possible in the exercise to combine youth with experience into a sufficiently large training group. My priority is always the human factor. You may have the best technology, both the hardware and software, but if you don’t know what and how to research and apply your knowledge, your response will not be effective”.

Standardised processes

The work of Croatian cyber specialists at the Cyber ​​Coalition is relevant at the international level. Solving the incidents by one participating nation can be helpful for other nations faced with similar incidents. When one nation is faced with an incident and successful solves it, sharing the technical information with other nations is highly beneficial for them to solve the problems faster. This objective can be achieved through standardised processes. 

While working on the tasks within the Exercise scenarios the participants use the available co-operative tools for sharing and exchange of technical information on computer security incidents used at NATO level. The tools are used at NATO level. According to Major Dejan Petek of the Cyber space Command the significance of the Cyber ​​Coalition exercise is evident from its basic objectives – primarily enhanced co-ordination and co-operation, and enhanced capabilities of NATO and Partner countries for protection and defence of NATO cyberspace.  

The exercise also upgrades the ability to conduct military operations within and through cyberspace. “Co-ordination and co-operation include the implementation of NATO and national procedures, including best practices related to the information exchange, cyber situation awareness, counselling and military and civilian decision-making, in accordance with national roles and responsibilities”, said Maj. Petek.

The Cyber Space Command has taken part in Cyber Coalition in the domain of development of cyber defence capabilities through:

• Awareness raising,
• Strengthening the co-operation of national bodies
• Development of co-operation with the private sector and the academic institutions and upgrading technical capabilities.
• Development of technical capabilities.

The Croatian participants

The Cyber ​​Coalition RH has taken part in Cyber Coalition since 2009 as an observer, and since 2013 as an active participant. Since 2016, the KIS Headquarters has been designated as the national exercise holder, and today it is the Cyberspace Command. The Exercise “Cyber Coalition” also engaged participants from other units of the Ministry of Defence and of the Croatian Armed Forces and of government institutions: national and regional bodies (the Ministry of Defence, the Security and Intelligence Agency, the Information Systems Security Bureau, the Croatian Regulatory Authority for Network Industries HAKOM, the national CERT, CARNet, the Ministry of the Interior, the Ministry of Foreign and European Affairs, the IT Institute in Osijek), the academic community  (the Faculty of Electrical Engineering and Computing of the University of Zagreb, the Faculty of Electrical Engineering, Computing and IT Technology of the University of Osijek and for the first time Faculty of Law in Osijek) and the private sector (the Algebra academy, Span, Diverto, Microsoft Croatia, INSIG2, Apatura, Eduron IS, Infigo IS, Končar KET, CS Computer Systems).

Technological innovations and expertise are provided through academic community, which is also engaged in Cyber Coalition 2020 as well as the private sector, in order to ensure the efficient cyber space defence in the Republic of Croatia. The participation of the Law School Faculty of Law enables legal advisers specialising in cyber defence to exchange knowledge and information pertaining to international law, national legislation and their application in cyber security, and to handle some complex legal issues related to cyber operations.

Croatian version:

Cyber Coalition 2020