Putting the C into CEMA

NATO Cyber Coalition 2022
NATO cyber warriors were put through their paces at this year’s Cyber Coalition event held in Tallinn, Estonia. This week-long exercise included 26 NATO members plus allied nations.

A recent NATO exercise in Estonia shed light on how the alliance sees cyber warfare at the operational and tactical levels.

This year’s North Atlantic Treaty Organisation (NATO) Cyber Coalition exercise concluded on 2nd December. Taking place in Tallinn, Estonia, the week-long initiative involved 1,000 cyber defenders from 26 alliance members, according to a NATO press release. Future NATO members Finland and Sweden also sent participants. They were joined by colleagues from Georgia, the European Union, Ireland, Japan, the Republic of Korea and Switzerland. Cyber Coalition 2022 explored “emerging and disruptive technologies, in support of military operators and commanders,” the press release continued.

Cyber Coalition 2022

This year’s event focused on a strategic-level exercise involving a fictious region called Icebergen in the north Atlantic. One regional fictious nation with a largely hostile posture towards the alliance performed cyberattacks on a neighbouring NATO member. Attacks were made against the friendly nation’s Critical National Infrastructure (CNI). Despite the exercise’s strategic aspect Cyber Coalition 2022 gave some valuable insight on NATO’s operational and tactical level cyberspace posture.


The close alignment of cyber effects with electronic warfare at the operational and tactical levels has triggered the emergence of CEMA (Cyber and Electromagnetic Activities) doctrines around the alliance. In 2014, the US Army published its FM 3-38 Cyber Electromagnetic Activities field manual. This was followed in 2018 by the UK’s Joint Doctrine Note 1/18 Cyber and Electromagnetic Activities text.

The US Army document defines CEMA activities as seizing, retaining and exploiting “an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy use of the same and protecting the mission command system.” The UK Ministry of Defence publication envisages CEMA as the “synchronisation and coordination of cyber and electromagnetic activities, delivering operational advantage thereby enabling freedom of movement, and effects, whilst simultaneously, denying and degrading adversaries’ use of the electromagnetic environment and cyberspace.” In both cases, cyber and electromagnetic effects are delivered on the high seas, and on and above the battlefield, to support missions and manoeuvre.

Electronic attack is an ideal vector for cyberattack. Conventional electronic attack harnesses jamming to degrade, disrupt and destroy hostile radars, radios and communications networks. As electronic attack beams jamming into these systems via their antennas, this approach can help deliver malicious code. The code will then infect these systems and networks. Alternatively, networks hosting these systems can be conduits for malicious code into hostile battle management, and Command and Control (C2) systems.

Harnessing the Effects

These doctrines are making NATO think about how it harnesses cyber effects in the future. A senior air force officer from a NATO nation working in the alliance’s cyber defence domain told Armada how this process is unfolding. The Estonian Ministry of Defence’s CY-14 cyber range, where this year’s exercise occurred, can simulate cyber effects on operational/tactical-level battle management and C2 networks. This is useful for drafting tactics which might be used by the alliance in the future.

Work done on cyber defence at the strategic level is filtering into operational and tactical levels, said the officer. NATO also has an operational/tactical level cyber defence remit. “Cyber defence is about protecting your networks at every level, even down to individual systems used in armoured vehicles.”  Cyber warriors work hard to “prevent cyber attacks across all networks used by militaries,” said the officer.

Beyond these defensive tasks, the officer and his colleagues have a doctrinal responsibility: “We need to put cyber warfare into a language that a senior commander can comprehend. We need to explain to them what effects a particular cyber event could have on operational and/or tactical aspects at that moment.” The officer said that, although NATO has a standalone cyber doctrine, work needs to be done on the “integration of cyber effects into joint warfighting … We also need to see what cyber effects can go into standard land, sea and air doctrines.” Further work in these areas will be forthcoming. For example, NATO is already working on a messaging format for cyber operations. This is examined in our Sending a Clear Message article.

NATO Cyber Warriors at Work
Estonia’s CY-14 cyber range is an invaluable resource for NATO to develop cyber warfare tactics at the operational and tactical levels. Cyber effects are now becoming a reality on and above the battlefield, and on the high seas.

by Dr. Thomas Withington