U FOUO REL USA NATO US EUROPEAN COMMAND AFTER ACTION REPORT Directorate Branch Action Officer Rank Name DSN Event Name Date of Event DD MMM VY 23-25 JUN 19 ECJ64 JCC Exercise Baltic Ghost 2019 SUMMARY U On 25-27 June in Legionowo Poland USEUCOM and the Polish National Cyber Security Centre NCSC hosted the 4 th annual Exercise BALTIC GHOST a table-top exercise TTX supporting Enhanced Forward Presence eFP Participants were asked to explore the operations actions and activities in the cyber domain necessary to respond to aggression in a cyberspace contested degraded and denied environment The outcome of Baltic Ghost 2019 sets the stage for increased discussions at the National and Coalition level to address identified gaps and challenges PARTICIPANTS Participating nations included Estonia Germany Latvia Lithuania the Netherlands Poland the U K and U S Additionally National Guard State partners from Illinois Maryland Michigan and Pennsylvania participated as well one representative from the Defense Information Systems Agency DISA and one from the Multinational Coordination Element North East MNC-NE AFCYBER provided exercise facilitation support while the scenario was developed by the USEUCOM JCC Defense Cyber Operations team BALTIC GHOST SCENARIO U l FOUO REL USA NATO U Scenario objectives I U Understand the operational and strategic-level impacts of a cyber-attack and the appropriate cyber defense to support military operations 2 U Inform perspectives on the roles and responsibilities and decision rights and authorities of key stakeholders U S and NATO during a coalition and allied response 3 U Share best practices for collective cyber defense processes procedures and structures U FOUO REL USA NATO Emerging themes from the first two objectives centered on and as with previous iterations of Baltic Ghost information sharing D iscussion related to these topics included the following • U l FOUO REL USA N ATO • U Information sharing challenges were categorized in 3 distinct areas Nation to nation trust and authorities technical availability and a general understanding of what information should can be shared Potential mitigations include o U o U Distribution Signature and Report Date ECJ2 ECJ6 ECJ6 JCC BG Participants ECJ6-CySC 2 JUL 19 Coordination Page 1 of 3 U FOUO REL USA NATO U FOUO REL USA NATO US EUROPEAN COMMAND AFTER ACTION REPORT Directorate Branch ECJ64 - JCC C SC Event Name o • • Date of Event DD MMM VY 23-25 JUN 18 Exercise Baltic Ghost 2019 U o U U FOUO REL USA NA G- U FOUO REL USA NATO o U 0 U U The third objective focused on cyber defense processes and structures highlighting developing policies to provide cyber forces to NATO Major discussion points were as follows • U fOUO REL USA NATO o UI FOUO REL USA NATO o • U FOUO RE o U FOUO REL USA NATO U FOUO REL USA NATO I • U FOUO REL USA NATO I I Distinguished Visitors Discussion • U USEUCOM 16 BG Biank and NCSC Director o U FOUO REL USA NATO o led a discussion on eFP cyber-related iss ues UI FO UO REL USA NATO Distribution Signature and Report Date ECJ2 ECJ6 ECJ6 JCC BG Participants ECJ6-CySC 2 J UL 19 Coordination Page 2 of 3 U FOUO REb USA NATO U FOUO REL USA NATO US EUROPEAN COMMAND AFTER ACTION REPORT Directorate Branch Action Officer Rank Name DSN CJ64 - JCC C SC Event Name Date of Event DD MMM VY 23-25 JUN 18 Exercise Baltic Ghost 2019 INTRODUCTORY BRIEFS U Highlights of the introductory briefs are as follows • U The Cyber Defense Management Board COMB established following Baltic Ghost 2018 briefed their newly established lines of effort aimed at moving from a unity of standards to a unified force o LOE I Establishment of a federated force structure o LOE2 Establishment of a Cyberspace Common Operational Picture COP o LOE3 Establishment of a cyber defense framework • U Germany supporting eFP Lithuania briefed major tasks of the Cyber Domain Team CDT o Advising the Commander of eFP Lithuania • • • • o Conducting cyber awareness training o Maintaining the cyber situational picture U The Netherlands working with Germany to support ef P Lithuania briefed on current initiatives o European Union EU Permanent Structured Cooperation PESCO project aimed at creating a volunteer Quick Reaction Force - Cyber to assist with National cyber defense issues on a case by case basis o Poland highlighted PESCO project U Lithuania Anned Forces primary areas of focus within cyber o LOA 1 Cyber Defence of LAF information systems o LOA2 Cyber Defence of LAF information systems and military critical infrastructure o LOA3 Cyber Defence of Lithuanian cyberspace U United Kingdom o U Cyberspace domain integration should be similar to other 3 domains o W FOUO REL UliA NATO U United States eFP Battlegroup S6 in Poland highlighted challenges from the tactical units on ground o U The importance of confidentiality integrity and availability of IT systems noting that without availability users will often disregard integrity and confidentiality TEAM TAKE AWAYS • U • U • U • U • U • • U U • U • U Distribution Signature and Report Date ECJ2 ECJ6 ECJ6 JCC BG Participants ECJ6-CySC 2 JUL 19 Coordination Page 3 of3 U FOUO REL USA NATO