An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

NEWS | Nov. 4, 2022

CYBERCOM concludes CYBER FLAG 23 exercise

By U.S. Cyber Command Public Affairs

U.S. Cyber Command hosted CYBER FLAG 23-1 CF23-1 a Multinational Tactical Exercise on October 17-28 as well as a Multinational Symposium MNS and Tabletop Exercise TTX October 27-28 at the Joint Staff Training Facility, Suffolk, Va.

More than 250 cyber professionals from eight different nations made up the primary training audience for CF23-1. They operated as 13 national and multinational cyber teams with three supporting elements that worked to counter a combined opposing forces team. 

CYBER FLAG is an annual CYBERCOM defensive cyber exercise that provides realistic “hands-on-keyboard training” against the activities of notional malicious cyber actors in a virtual training environment. The exercise is designed to enhance readiness and interoperability by exercising collaboration through realistic defensive cyberspace training with the participating teams and observers. 

“CYBERCOM’s exercise programs are unique to our culture and position in the cyberspace domain, said U.S. Coast Guard Rear Adm. Joseph Buzzella, Director, Exercises​​ and Training, US Cyber Command. “The training and synchronization that occurs within CYBER FLAG helps us improve readiness, interoperability, furthers our capacity and strengthens a community of partnerships across defensive cyber operators.”

For CF23-1 participating nations include teams from Australia, France, Japan, New Zealand, Republic of Korea, Singapore, the United Kingdom and the United States. In addition to CYBERCOM, personnel from U.S. Army Cyber Command, U.S. Navy Fleet Cyber Command and U.S. Marine Forces Cyber Command also participated, with operational support provided by Joint Force Headquarters – Department of Defense Information Network. 

British Rear Admiral Nick Washer, director Operations at Defence Digital, Ministry of Defence said, “Cyber does not recognize geographic borders. Our relationships with partners offer huge shared benefits; operations like this with U.S. Cyber Command put our expertise into practice and enhance our collective defence.”

By training together with partners we strengthen our relationships, understand capabilities, inform collective cyber security and affirm the importance of an open, reliable, and secure internet.

The exercise utilizes the Test Resource Management Center’s TRMC National Cyber Range NCR. The NCR allows for real-world tactically focused training and information sharing of tactics, techniques, and procedures among all the partners. The platform provides exercise designers with a level of versatility to adapt training situations to what the Cyber Protection Teams CPTs might experience in their day-to-day defensive operations.

Exercising teams followed various scenarios through a road to crisis framework against notional advanced persistent cyber threats. The defensive cyber teams work independently to detect, identify, and mitigate adversarial presence or activities on their respective networks. Because the training scenario is adaptive, the exercise challenges require teams to collaborate and use creative solutions to advance their defensive measures. 

In addition to exercise activities, CYBERCOM hosted a two-day Multinational Symposium and Tabletop Exercise with more than 30 additional interagency and international partners. The event included a series of briefings, coordination discussions and sessions focused on interoperability and cyberspace challenges in the Asian Pacific Theater and relevant to regional and Five Eye partners. Building off of the framework initiated during CF21-1 and CF22 these sessions will reinforce the value of training opportunities, partnerships and information sharing by examining cyberspace coordination at various operational levels. 

Cyber Flag occurred in two iterations this year, CYBER FLAG 22 in July and CF 23-1 in October. The previous exercise iteration, CF22 focused on the European Theater. CF23-1 is the first time the exercise series had a focus on the Asian Pacific Theater and included partners from the region.