Military organisations face challenges when it comes to generating recognised cyber situational pictures. Even though data exchanges are important in all of them, the traditional battle theatres of land, sea, and air, as well as space and the cyber domain, have largely had separate, disconnected and fragmented information infrastructures. These infrastructures lack the outside-in view and the ability to aggregate and correlate massive datasets from across domains, networks, endpoints, and defence clouds for the purpose of providing situational awareness and insight into supply chain exposures. When mapped to actionable threat intelligence, machine learning and artificial intelligence can allow you to predict emerging threats and help your cyber defence security operations centres (SOCs) to reduce your mean time to detect and mean time to respond down to minutes.
AI and Cybersecurity
National Positions on International Law in Cyberspace: Challenges, Opportunities, and Best Practices
This workshop seeks to unpack the main legal and policy questions facing States when developing a national position on international law in cyberspace. These are official statements issued by States that propose interpretations of key international rules and principles in the cyber context. The workshop will feature a panel of experts and interactive discussions on the legal and political importance of issuing national positions, their impact on the development of international law, and the methodology and other procedural aspects involved in their preparation, as well as the key legal and policy dilemmas facing States when developing such positions.
AI in Virtual Manipulation
This panel discussion will explore the growing significance of AI in information warfare, with a focus on its role in strategic communications. Recognising that warfare is increasingly a cognitive endeavour, strategic communications bridges cognitive effects with kinetic activities. In this landscape, recent advancements in AI technology offer the capacity to influence both the information environment and how information is consumed. Experts will examine the practical implications of AI’s increasing role in deceptive strategies, specifically the use of AI-powered bots and trolls, and the challenges and opportunities AI poses for defenders. The discussion will also analyse recent shifts in narrative strategies, including the exploitation of conflicts like the Hamas–Israel conflict, and assess the broader impact of social media platforms as instruments of propaganda. The goal is to provide actionable insights and encourage dialogue among professionals, deepening our understanding of the complex challenges and opportunities that AI introduces to the spheres of virtual manipulation and information warfare.
‘P.&.R.I.C.L.E.’ Protection & Resilience in a CEMA Live Environment
The aim of this demo is to show how it is possible for a networked critical/military infrastructure can be exposed to cyber threats via radio frequency once an malicious actor has knowledge about its vulnerabilities. The demo will show how it is possible to build resilience to such attacks by putting in place defensive/protective measures in the electromagnetic spectrum as an additional defensive layer in the network to be protected.
The demo will draw on a realistic operational scenario based on a cooperative air and maritime offensive operation to show the effects of a cyber electromagnetic activity (CEMA) threat on a critical military infrastructure exposed to an malicious actor’s electromagnetic spectrum operation (EMSO).
The same scenario will be run in the second part of the demo, but with the addition of a defensive layer to the radio frequency section of the whole infrastructure to demonstrate possible solutions for enhancing the resilience and protective measures of a sensitive network exposed to an EMSO.
Cyber in Conflict – Lessons from Ukraine for Strengthening International Law and Protecting Civilians
The Workshop „Cyber in Conflict – Lessons from Ukraine for Strengthening International Law and Protecting Civilians “, jointly organized by CCDCOE and the German Federal Foreign Office, addresses the challenges of applying international humanitarian law in the digital age. Speakers from State and civil society actors will speak on the role of current cyber developments in blurring the traditional distinction between combatants and civilians in armed conflicts, putting the safety of civilians at risk. The event will look at the impact of private hacker groups, the militarization of civilian apps and cyber defense by private civilian companies.
Real-Time OSINT: A Vital Tool to Better Understand and Respond to Modern Cyber Conflicts
While cybersecurity attacks pose a major threat, geopolitical tensions around the world are increasingly impacting daily operations. Distant conflicts can disrupt supply chains, critical infrastructure, and digital services. In this workshop, we will examine how real-time open-source intelligence (OSINT) enhances situation awareness and incident response, using current examples of globally impactful conflicts such as Ukraine, Gaza, and the Red Sea. Attendees will learn why OSINT is a critical tool for understanding and mitigating cyber threats and geopolitical risks, informing proactive defence strategies to enhance operational resilience and response planning.
Responsible Cyber Operations (RCO): Unpacking Principles and Mechanisms (this session is for conference attendees from NATO/EU/CCDCOE member countries)
In 2022, the United Kingdom’s National Cyber Force (NCF) published a document outlining its approach to responsible cyber operations. The document, among other things, introduces three operational principles that guide the activities of the NCF. Operations should be accountable, precise, and calibrated as well as ‘conducted in a legal and ethical manner, in line with domestic and international law’ and national values. Some countries have sought to publish material relating to their conduct of cyber operations. The Royal United Services Institute is organising this closed workshop to explore principles and mechanisms for responsible cyber operations.
The workshop will gather a select group of stakeholders to unpack how NATO member states have sought to operationalise their views on what guides responsible action in conducting cyber operations. Participants are expected to come prepared to engage in a dialogue.
The objective of this workshop is threefold: (i) to foster a dialogue on what responsible cyber operations are from a national perspective, (ii) to map experiences and perspectives on RCO, and (iii) to identify convergent and/or distinct approaches to RCO.
This session is for conference attendees from NATO/EU/CCDCOE member countries. Request for attending is done when registering and is subject to approval by organisers.
How to Establish a Proactive Cyber Operational Element in NATO (this session is for conference attendees from NATO/EU/CCDCOE member countries)
CCDCOE recently published a paper arguing that no matter the outcome of the Russia-Ukraine armed conflict, Russia’s ambition to manage Europe’s security architecture will not abate. Additionally, the paper argues that should the West’s strategy of debilitating Russia’s defence industrial base be successful, Russia will resort to aggressively employing cyber capabilities in pursuit of that ambition. Consequently, the paper argues, NATO ought to establish a proactive cyber operational element to preclude, inhibit, and otherwise constrain Russia’s forecasted, aggressive efforts in and through cyberspace to weaken the EU and NATO alliances and undermine the credibility of their democratic governments. The workshop will gather key stakeholders from NATO and the EU member states to discuss and propose ideas for operationalising a proactive cyber defence posture. After the conference has concluded, participants will be provided with a short paper highlighting key insights and findings.
This session is for conference attendees from NATO/EU/CCDCOE member countries. Request for attending is done when registering and is subject to approval by organisers.
Cyber Election Interference Workshop and Tabletop Exercise
With almost 50% of the world’s population going to the polls in 2024, the issue of election interference looms large. This hands-on workshop and TTX will explore the tactics used in both attacking and defending an election. By engaging with the scenario, participants will get an opportunity to identify key markers of election interference and debate the importance of the variety of approaches that cyber-enabled operations present. Participants will be given a short brief on the fictional state of Ludostan, around which the scenario is built. They will be assigned to a red or blue team and will then have to decide what they will do in the exercise to reach their goal of either defending or undermining the election. The exercise will conclude with a debrief and plenary session to discuss the issues and lessons learned.
Because election interference has an impact on a wide variety of domains, the workshop is open to all CyCon attendees who have an interest in engaging with the topic.