This week, the cyber experts and planners from NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and partner nations are convening for a technical test run ahead of one of its annual flagship cyber exercises, Crossed Swords. The hands-on rehearsal will validate connectivity, simulation environments, and coordination channels so the full exercise in November can run securely, reliably, and at scale.
Crossed Swords aims to enhance the skills of both operational-level military command elements in managing offensive and defensive cyberspace capabilities, and tactical-level cyber specialists in executing defensive and full-spectrum offensive cyber operations.
The Exercise Director, Major John William Dall, explains that this year’s exercise is explicitly about training for the capabilities NATO Allies and Partners require today. “Crossed Swords 2025 focuses on building NATO’s capacity to employ proportionate, legally grounded cyber countermeasures. By exercising offensive cyber operations units within command structures alongside threat hunting, digital forensics and embedded legal advice, Allies improve readiness to protect critical systems, deter aggression and accelerate recovery. This exercise is not about repeating past approaches, but what we need to do now,” emphasized Major Dall.
Crossed Swords trains Allies and partners to plan and execute proportionate countermeasures – actions that disrupt or neutralise hostile cyber effects threatening national critical infrastructure, military systems or civilian safety. The exercise emphasizes command-authorised operations, legal oversight, and coordinated multi-domain control so participants can practise timely, lawful responses that deter adversaries, limit harm, and speed recovery.
This year’s exercise will introduce several new features, including the involvement of both public- and private-sector participants in the operational planning phase to strengthen cross-sector cooperation, as well as the integration of psychological operations. In addition, the exercise will place extra emphasis on skills and collaboration within tracks that are already an integral part of Crossed Swords but are now being further developed:
- Offensive cyber units will undergo both commanded and free-role training, preparing operator teams to execute missions under a Cyber Command while also offering a permissive training environment for more independent participants to experiment, innovate, and optimise offensive skills.
- Cyber–Special Operations Forces cooperation in multi-domain operations will be strengthened to enhance how cyber operators and Special Operations Forces support each other in complex missions.
- Legal advisors will play a greater role in operational planning, ensuring that legal expertise is fully integrated into decision-making to safeguard both effectiveness and legitimacy.
- Digital forensics in operations will be strengthened to enhance how specialists uncover technical evidence and deliver actionable operational intelligence, supporting both defensive investigations and offensive operations.
- At the same time, threat hunting for network protection will advance defenders’ ability to detect adversaries inside complex digital environments.
- The exercise design itself is rooted in instructional design principles, with real-life scenarios and environments built to emulate threats and actors. This ensures participants not only train in realistic conditions, but also develop skills through a structured process of role-based learning.
These tracks, combined with the continued alignment between the Crossed Swords and Locked Shields exercises, make sure NATO CCDCOE cyber training remains current and relevant.