News articles

Cyber Aggressors Challenge Red Flag Forces

The personnel from the RAF, Royal Navy, United States Armed Forces and the Royal Australian Air Force (RAAF) who have gathered at Nellis Air Force Base in Nevada have one aim - to launch combat aircraft to participate in the most complex and realistic air combat exercise available in the world.

But as in real life, the threats to the successful prosecution of air operations are not limited to opposing fighter aircraft or missile systems. On Exercise Red Flag a team known as The Cyber Aggressors are posing an altogether different threat, seeking to cause as much disruption as possible to gain an advantage for the mock enemy.

First Lieutenant Nathan Grafton, USAF, is a Cyber Team Chief. He said:

“As Red Forces we try to give the Blue Forces a realistic picture of what they would see in a real time war scenario. As a Cyber Aggressor my role is to try and get into your computer or your servers and get the information I want out and then take that capability away from you so you can’t use it against my team.”

He added, “We’re giving the Blue Forces a good picture of where their weaknesses are right now, and they’re shoring up those weaknesses with swift fix actions. As the exercise progresses I’m being a bit sneakier, so they can’t find me so easily. In the final week I’ll try and take everything away from them so they can’t fight us at all.”

First Lieutenant Nathan Grafton
USAF Cyber Team Chief


The Aggressors pride themselves on having a real person, not a machine, providing the opposition on the exercise. Having an adversary who thinks on their feet, who responds to the coalition defences and tries to defeat them, replicates the real world as US Marine Gunnery Sergeant Mills of the explained: “When you’re dealing with the cyber fight you’re dealing with another individual, it’s person versus person, not tool versus tool.”

He added: “Having a thinking adversary emulated on the network allows us to help the Blue Forces adapt their tactics, techniques and procedures on the fly. That’s real live training, the best we can provide and it really helps you think outside the box.”

The UK Cyber Detachment Commander is Flight Lieutenant Al Hall. “We are here to give UK cyber protection teams experience in a tri-service environment against a near peer adversary. As part of that a network has been created on the UK’s only cyber range at Waddington which to defend our exercise network. A relatively small team has been deployed with the bulk of our team based back at RAF Leeming working remotely.”

He added, “Of primary importance is the integration with partner nations and the constituent parts of the detachment that we would not normally see. The value of our training is not in the defence of our network or the winning or losing but rather in learning how the adversary works and develops.

“We do not have to launch a missile to have an effect but a cyber effect can have a physical outcome such as affecting power distribution, computer systems or enemy aircraft. It is important to protect our networks to allow commanders to have confidence in our own systems.”

One of the RAF representatives on the Aggressor Team is Corporal Sam Jackson who provides Cyber Threat Intelligence.Red Flag has been a real eye-opener and it’s been absolutely fantastic to work with other organisations and countries and to see how they do things” he explained. “I’ll be able to use the knowledge and experience I’ve gained here to be able to help defend UK networks in the future.”

This view was echoed by RAAF Squadron Leader Greg Atkinson, Chief of Training in the 57th Information Aggressor Squadron who said: “I think Red Flag is incredibly valuable as this is the only exercise where we truly integrate in a fully multi-domain sense. Everyone is here to support putting bombs on targets, it’s training how we really fight.”