The Colombian Navy led the first cybersecurity, cyber defense, and cyber intelligence exercise as part of international exercise UNITAS LXIV, held in Cartagena July 11-21. This was the first time in the history of UNITAS that such an exercise was carried out.
The exercise was attended by participants from Brazil, Chile, Colombia, Ecuador, France, Germany, Honduras, Jamaica, Panama, Peru, South Korea, Spain, United Kingdom, United States, and Uruguay, who had the opportunity to test their skills.
“We learned a lot, but the important thing about this exercise is to weave these ties of interoperability to have a safer continent and area,” Colombian Navy Commander Francisco Jaraba, commander of the Naval Cyber Command, told the press during the exercise.
The purpose of the exercise was to strengthen strategic, tactical, and operational capabilities concerning cyberthreats that may occur in the different scenarios of naval warfare. Its objective was also to strengthen the possibilities of counteracting these attacks to naval units systems, to guarantee sovereignty in maritime, fluvial, air, and land spaces, the Colombian Navy indicated.
“Considering that current wars are increasingly hybrid with cyberattacks as a crucial first step, it is essential to address threats of a cyber nature that are experiencing exponential growth,” Colombian Navy Lieutenant Commander Juan Carlos Camilo García Ruiz, head of the Naval Cyber Command’ Cyber Defense Department of the Naval Intelligence Headquarters, told Diálogo. “This is due to the growing interconnection between countries in terms of information technology networks and operational technologies.”
Such interconnectedness leaves countries and their societies vulnerable, making it necessary for security forces to ensure the implementation of operations to safeguard cyberspace, Lt. Cmdr. Garcia said. “This is where the incorporation of an exercise under UNITAS becomes relevant, facilitating the integration of capabilities and standardization of processes.”
For the implementation of the exercise, specialists from the U.S. Navy played a crucial role in providing detailed information on how to deal with various threats of a cyber nature that may arise in a naval warfare context, Lt. Cmdr. Garcia said. They also presented strategies and tactics to counter and respond to cyberattacks, and to demonstrate how different cyberthreats can manifest themselves and affect naval operations.
“The [cyber] threats are similar to other domains such as nation states, spy agencies, organized crime groups, and cyber mercenaries, however, in the exercises, both technical and strategic, we focused on cyber espionage, attacks on critical infrastructure with malware, ransomware, APT, and zero-day malware, as well as GPS spoofing attacks and the use of advanced or custom malware,” Lt. Cmdr. Garcia said. “We also considered insider threats from ‘insiders’ that could disrupt naval unit operations, leading to a digital blackout.”
The exercise helped strengthen decision-making at all levels of command to handle crisis situations, cyberattacks, and system vulnerabilities, among others, in the face of possible risks to the reliability, integrity, and availability of surface, submarine, and air units for mission accomplishment, Lt. Cmdr. Garcia said. “The effective implementation of cooperative security allowed increasing ties of interoperability at the Multinational Task Force level to achieve sea control with specific actions in cyber defense, thus improving response capabilities among the participating navies, in addition to strengthening interdisciplinary work, information exchange, and continuous training.”
Among the conclusions drawn from this first exercise is the need to standardize operational processes in the field of cybersecurity, cyber defense, and cyber intelligence, in order to optimize the effectiveness of operations. Likewise, participants highlighted the importance of having continuous and highly specialized training for personnel involved in these areas, because the constant evolution of cyberthreats and their complexity require professionals to be aware of the latest trends and techniques to effectively perform their responsibilities.