Inaugural cyber defense drill builds partnerships, capabilities at Balikatan
Exercise Balikatan 2023, the 38th iteration of the annual training between the Armed Forces of the Philippines (AFP) and the United States military, featured an inaugural joint cyber defense exercise (CYDEX) in April 2023. Combined teams of Philippine and U.S. cyber defense experts at Camp Aguinaldo outside Manila, along with Philippine law enforcement personnel, trained on a U.S. Indo-Pacific Command (USINDOPACOM) cyber range, an interactive platform for cybersecurity training. Participants used simulations to defend a military network, critical civilian infrastructure and other digital points from malign state and nonstate actors such as criminal gangs and hacker collectives. Balikatan provided a venue to enhance the longtime allies’ collective capabilities and interoperability.
FORUM spoke with three CYDEX leaders as they worked to enhance established partnerships and bolster cyber defense tactics, techniques and procedures. The conversation has been edited to fit FORUM’s format.
Washington Air National Guard Lt. Col. Jason Silves has supported cyberspace defense operations at Cobra Gold since 2018, including leading efforts to establish the first cyber defense exercise at the annual multinational exercise in Thailand. He also helped create the inaugural Balikatan CYDEX.
Cmdr. Reynan Carrido has served as an AFP division chief at the Office of the Deputy Chief of Staff for Command, Control, Communications, Computers, Intelligence, Surveillance, Target Acquisition and Reconnaissance since 2021. He previously served as a staff officer and executive officer, including in information systems, cyberwarfare management, and operations and interoperability. He joined the Philippine Navy in 2005 after earning a computer science degree from AMA University in Quezon City, the Philippines.
Guam National Guard Capt. Plamin Rabino has served as Deputy G-6 of the Guam National Guard since October 2023. He was previously an infantry commander, signal platoon leader and infantry platoon leader. He has a master’s in computer science from Colorado Technical University and has held positions including defensive cyber operation team chief and information security system manager. He enlisted in 2006 and was commissioned as an infantry officer in 2012.
FORUM: What are the origins of the cyber defense exercise at Balikatan?
Silves: Since 2019, the Washington Air National Guard has had a relationship with the Royal Thai Armed Forces, and through that state-partnership relationship we built a cyber exercise with the Royal Thai Air Force. We had [U.S.] Marines come from III Marine Expeditionary Force, Defensive Operations-Internal Defensive Measures Company. So, we had Marines on one side, one participating team of Royal Thai Armed Forces (Air Force, Army, Navy and Marines) and three Washington Guardsmen running the exercise control cell. It was, compared to today, a very immature exercise. But it was a win. So, we went into planning Cobra Gold 2020 expecting more participants because in Cobra Gold we have seven participating nations — Indonesia, Japan, Malaysia, Singapore, South Korea, Thailand and the U.S. — and we expect maybe one or two other countries to jump onboard and participate. All seven came to the table and said they wanted in. We planned an exercise, took all of the lessons that we learned in 2019 and applied them to 2020. We had a great plan, then COVID hit. Fortunately, we had six of the seven countries actually still send [participants] to the exercise. [In] 2021 and 2022 … we did what we call a hybrid solution. We had some technical challenges just being remote and away from each other. Then, after we did Cobra Gold 22, the U.S. Indo-Pacific Command approached us about helping the Philippines build the cyber exercise. So, the Marine planners, along with the Guam National Guard who have the relationship with the Philippines, built this based off what we’ve done during Cobra Gold, using a very similar scenario and a focus on critical infrastructure protection. We’re really excited to see how this matures and that co-maturity with Cobra Gold and Balikatan as they both go forward.
We’ve kind of shifted the focus from cyber operations on the defense infrastructure to cyber operations and critical infrastructure with the realization that when conflict happens, critical infrastructure is actually going to be much more important than the information networks. CYBERCOM [U.S. Cyber Command] will still have a role in protecting the Department of Defense networks. But I started my career in the Army as a tanker so I understand fuel and bullets, and without fuel and bullets, we’re not moving. So, if the adversary can close a port or a train or prevent me from getting fuel, I’m not moving. So that’s where critical infrastructure becomes important.
As we focus on critical infrastructure and we mature these exercises, we’re actually driving a lot of questions. We’re driving commanders to realize that cyber is a much bigger problem than even they know. We’re driving policy questions of what authority the defensive cyber team has to operate on civilian infrastructure, and, quite frankly, there are questions we need to ask and address now in exercises rather than address in war because when conflict happens, we will have that mission. At that point, it’s going to be too late to understand how to protect critical infrastructure.
FORUM: What were your roles in Balikatan’s first CYDEX?
Carrido: As assistant director for exercise control, during the planning, I am the lead cyber defense exercise planner for the scenario management and a mission commander of the cyber defense exercise.
Rabino: My role is cyber exercise director. I look at all of the requirements, making sure that it is running smoothly and then also making sure there is training value, especially for our team in charge of the cyber defense. We are focusing on them in order to build the capacity within our region.
FORUM: What was most important about CYDEX for Balikatan participants?
Carrido: I think the involvement of a wider range of training scenarios in the cyber range, [and] as a cyberwarfare capacity-building for our AFP cyber personnel, including the Philippine National Police, the Philippine Navy, Philippine Army, Philippine Air Force. The personnel should be capable of operating technology to secure the network of the AFP and the critical infrastructure of the government. I think, with the U.S., we have gained experiences and lessons that we share for this cyber defense exercise.
Rabino: For me, cybersecurity is very important in our multidomain operation. It tackles how we can protect assets in the land, air and sea because we’re all connected in a digital space. We talked about the military side, but we want to also talk about the private sector and government agencies. Cyber technology is moving so fast. We have artificial intelligence. We have quantum computing. We need to make sure that our cyber professionals are able to keep [up] with all the technologies actually being produced.
Right now, we’re able to learn all of the cybersecurity tools we want to focus on, making sure that our cyber professionals have a skill set in order for them to actually defend the network. They need to make sure they actually apply all these tools in order for them to monitor the network and continue to remediate vulnerabilities. It’s all about risk management. We know we cannot protect everything, but at least we can protect the critical infrastructures, not only for the country but for that community as well; all of the critical infrastructure the people rely on — power, water, our water dams and transportation.
FORUM: Why is partnership essential in cyber defense?
Carrido: The cyber defense exercise is not only training individually but [with] the multilateral partnership, not only on a technical level but also enhancing our camaraderie within the Armed Forces of the Philippines, with the Guam National Guard, Marine Forces Pacific, Pacific Air Forces, Pacific Fleet, and our U.S. counterparts with the National Guard from Washington, Guam and Hawaii.
As we establish engagements with the U.S., this capability should be enhanced with the help of our counterparts.
Rabino: Our relationship matters. We may see the ocean as somewhat separating us, but we use it to actually connect us because we’re all in that island archipelago environment. So, we’re very happy and very fortunate that we have partners, especially with the Armed Forces of the Philippines. It matters for us because in the cyber world, you don’t need to be in a certain place in order to do something to another region. We should all work collectively, not only as military service members but also as cyber professionals within our region. There’s a demand [on] cyber professionals, things that we need to protect. The more awareness we give to the community, the better it is for the whole world.
FORUM: How does CYDEX translate to real-world cybersecurity?
Carrido: All of the training scenarios are conducted with the Philippine Armed Forces and the U.S. For example, [protecting] water treatment facilities, power generation, a smart building, using a SCADA [supervisory control and data acquisition] and telecommunications that can be compromised using the cyberattack. These are existing critical infrastructures that need to be protected, wherein the military could be the first line of defense during times of conflict. So those critical infrastructures should be a priority. Other nations engaging in this type of cyberwarfare capability, they can cripple people without firing a gun. Cyber can be used as a form of warfare that can cripple the economy of another state. The scenarios within the cyber defense exercise exist in the current world and need to be addressed.
The message for our cyber professionals is: Learn the techniques and procedures that can be used in order for us to develop our own [AFP] policies. Take the lessons learned and enhance our capability in terms of cybersecurity, cyber defense, and make our own cyberspace operations in terms of what we experience at Balikatan.
Rabino: In order for our team to really enhance skills in cybersecurity, they not only must go through [computer science] courses but should be able to conduct hands-on training on what they learn. So, during this cyber exercise, with the cyber range we have, it’s very beneficial for our cyber professionals.
For example, the infantryman needs a weapons qualification range to engage the target. This is the same for cyber professionals. The cyber professionals need a cyber range in order to defend a network. Of course, we cannot train on an actual production network because we don’t want to actually break the production. Therefore, we need to have it in the sandbox. The United States Soldiers, Marines, Airmen, Space Force, they’re learning a lot. It’s a big win for us to have this cyber range, especially on the first cyber exercise we have here in Balikatan.
FORUM: What can cyber professionals offer not only to the military but to civilians?
Carrido: We need cyber professionals and armed forces to protect networks, personal information and organizational information. Just like military organizations not allowing their information into the public, it is important to do the same personally as it could be used as intelligence information gathering. This cyber exercise is not only protecting the public and military but also my family. If you are using the internet, simply clicking a link could be detrimental. All of your information is out there. So, this is how we protect the military, our families and ourselves. They are all connected when it comes to cybersecurity.
Rabino: Professional development is key. We have a lot to learn about cyber. Even as simple as changing a password — you do it in a complex method with 14 characters, special characters, different numbers and capital letters. It is important especially now, especially to the younger generation.
For cyber awareness, we need to reinforce at all levels from the education sector, college sector, private sector, government sector and, of course, the military sector.