Montenegro strengthens cyber capabilities alongside allies at Immediate Response 25

Photo By 2nd Lt. Paige Bodine | Service members from the Maine National Guard, Vermont National Guard, Armed Forces of...... read more read more

Photo By 2nd Lt. Paige Bodine | Service members from the Maine National Guard, Vermont National Guard, Armed Forces of Montenegro, and the Army of the Republic of North Macedonia pose for a group photo before beginning a cyber training exercise during Immediate Response 25 at Golubovci Air Base, Montenegro, June 2, 2025. The cyber exercise was developed and facilitated as a combined effort between the Maine National Guard and the Armed Forces of Montenegro through the State Partnership Program (SPP). The Vermont National Guard and the Army of the Republic of Macedonia, SPP partners since 1993, also participated in the exercise. This collaboration aims to build cyber defense capabilities and strengthen regional military cooperation. Demonstrating global deterrence and the U.S. Army’s ability to rapidly deploy U.S.-based combat power in Europe and the Arctic region alongside Allies and partners, DEFENDER 25 brings U.S. troops together with forces from 29 Allied and partner nations to build readiness through large-scale combat training from May 11-June 24, 2025. DEFENDER 25 increases the lethality of the NATO alliance through large-scale tactical training maneuvers and long-range fires, builds unit readiness in a complex joint, multinational environment and leverages host nation capabilities to increase the U.S. Army’s operational reach. During three large-scale combat training exercises—Swift Response, Immediate Response, and Saber Guardian—Ally and partner forces integrate and expand multi-domain operations capability, demonstrating combined command and control structures and readiness to respond to crisis and conflict. (U.S. Army photo by 2nd Lt. Paige Bodine)  see less | View Image Page

PODGORICA, MONTENEGRO

06.05.2025

Story by 2nd Lt. Paige Bodine and David Kennedy

U.S. Army Europe and Africa     

✔ ✗ Subscribe

47

PODGORICA, Montenegro—Nearly three years after a sweeping cyberattack disrupted Montenegro’s government networks, the country has taken a powerful step forward in strengthening its digital defenses. As part of Immediate Response 25, Montenegro hosted its largest and most complex cyber defense exercise to date.

The 2022 attack lasted more than 20 days. It disrupted government platforms and exposed vulnerabilities across banking, water, and power systems. Among the first responders were cyber units from the Maine National Guard, part of a long-standing partnership through the Department of Defense’s State Partnership Program. Many of those same service members have now returned to Montenegro, this time under very different circumstances.

Instead of responding to an emergency as they did in 2022, they worked side by side with the Vermont National Guard, the Armed Forces of Montenegro, and the Army of the Republic of North Macedonia in a joint multinational exercise designed to simulate a full-spectrum cyber assault. Over 10 days, participants navigated complex challenges modeled on real-world threats, including ransomware deployment and infrastructure disruption. While technical teams defended networks against an advanced persistent threat, a simultaneous tabletop exercise brought together senior leaders from Montenegro’s government, academia, and private cyber industry as well as international partners for strategic decision-making and crisis response.

Lt. Col. Kerry Boese of the Maine Army National Guard assisted in planning the tabletop exercise, helping bridge gaps between the military, government, industry, and academia.

"The tabletop exercise focused on a whole-of-government approach to pre-coordinate a response in case something ever happens," Boese said. "It reinforces our collaboration with NATO allies and shows that we can work together, meet NATO objectives, and build a unified response to cyberattacks."

From the start, Montenegro’s planning team set out to make the exercise truly multi-national in scope. Ms. Tijana Turkovic, head of planning, development, and cooperation for cybersecurity in Montenegro’s Ministry of Defense, played a key role in designing the tabletop component.

"We wanted to use our 2022 experience as a foundation," Turkovic said. "The goal was to connect technical incidents with strategic-level decision-making and coordinate a national-level response that includes ministries, the private sector, and our state partners."

For the first time, cyber operators from the Republic of North Macedonia embedded directly within combined Montenegrin and U.S. cyber defense teams. Working together in these multinational teams, they took on threat hunting, log analysis, and incident response tasks, gaining valuable hands-on experience in network defense.

Senior Master Sgt. Zachary Poulin, from the Maine Air National Guard who deployed to Montenegro during the 2022 crisis, served as the exercise controller for the tactical portion. Behind the scenes, Poulin’s team directed the evolving scenario and ensured all training objectives were met.

"In this exercise, there are good guys and bad guys. We’re the puppeteers behind the scenes," Poulin said. "We design a believable scenario and make sure every team is hitting their targets."

Poulin noted that the simulated attacks were modeled closely on ransomware techniques used during Montenegro’s actual cyberattack. In addition, it allowed Montenegro to have an opportunity to show its capability to lead in the cyber domain.

"This is giving Montenegro the opportunity to host and manage a live cyber exercise," he said. "And they’ve done an amazing job for their first time, with great collaboration from North Macedonia."

The role of adversary was led by 2nd Lt. Ivan Bajceta of the Montenegrin Armed Forces, who designed and launched threats based on recent global incidents.

"At first, the response from the defenders was chaotic," Bajceta said. "But as time went on, they were more ready to respond. It’s been amazing to see their growth and communication improve every day."

As the exercise commenced, the international cyber defense teams quickly began working to accomplish their mission. Each team had its own leader, one from Montenegro and one from the Republic of North Macedonia. This brought unique challenges and required careful coordination and attention to detail throughout the exercise.

“Working at an international level with people around the world is an amazing experience,” said Bajceta. “You get different perspectives and learn how to grow with other teams. But in cyber, there are no shortcuts. One mistake can ruin everything."

That global collaboration and attention to detail were central themes throughout the exercise, echoed by leaders at every level.
Maj. Isak Mrkaic, the exercise director from Montenegro, said the event was an opportunity not only to improve his country’s capabilities but also to elevate cooperation across borders.

“In the beginning, we had three goals,” Mrkaic said. “First, to show that the Montenegrin Armed Forces can conduct an allied cyber exercise. Second, to conduct tactical training and apply our knowledge. And third, to take a whole-of-government approach with stakeholders and national partners.”

What began as a modest concept quickly expanded. By the time the event launched, it had grown into a 10-day operation involving more than 120 participants from four countries, spanning tactical, operational, and strategic levels.

"This is the largest cyber exercise ever conducted by our Armed Forces and Ministry of Defense," Mrkaic said. "It’s a big step forward in how we work with partner nations."

Beyond its technical success, the exercise also marked a leap forward in integrating artificial intelligence as a tool for training in cyber defense. Junior analysts used large language models to process alerts from tools like Security Onion and Splunk, interpret malicious code and receive real-time guidance on attacker behavior. The AI acted as a digital advisor, accelerating analysis and giving even the least experienced team members the ability to make informed decisions quickly.

"The cyber domain is here, and systems are under perpetual attack," said Poulin. "Exercises like this, tied to major units and partner nations, are a perfect stepping stone. The 2022 attack was devastating, but it showed us the complexity of Montenegro’s system and how we can connect and support one another."

In a world where cyberattacks increasingly blur the line between civilian and military targets, the events in Montenegro underscore a new reality. National security is no longer confined to physical borders or conventional threats. On today’s battlefields, where attacks in the cyber domain can result in kinetic effects, connectivity is both a strength and a vulnerability. Countering this vulnerability may lie in the ability to act quickly, collaborate across nations, and trust both partners and technology.