Goyang, South Korea ― Defence Cyber Marvel 4 — Last week, soldiers from 27 countries simultaneously logged into a simulated world designed to mirror real-world societal structures, threats, and media environments. Divided into teams, the warriors competed to test their cyber capabilities in an international exercise led by the United Kingdom’s Ministry of Defence. The event took place Feb. 24-28 in Goyang, a satellite city of Seoul.
The Defence Cyber Marvel (DCM), organized by the British Army Cyber Association, began as a domestic training event in 2022 before expanding internationally the following year. As an annual competition, DCM brings together teams from government agencies, defense, and industry partners to compete their ability to counter cyberattacks against allied forces in real-world scenarios. While last year’s exercise included participants from 17 countries, this year’s DCM4 featured 36 teams from 27 countries, with more than 1,000 personnel taking part. The Readable visited the exercise and spoke with participants on site.
“DCM4 is a key pillar of the UK’s multilateral approach to cyber cooperation, enhancing understanding of cyber threats and strengthening national defense capabilities,” the U.K. government wrote in a statement.
According to the statement, DCM4 has two main objectives: maximizing talent and leveraging cutting-edge technology. The exercise aimed to identify, develop, and retain cyber specialists to support broader defense programs while fostering international collaboration. It also focused on innovation, seeking opportunities for digital integration and interoperability.
For example, DCM4’s red team—tasked with launching offensive cyber operations against the blue team—was responsible for emulating realistic and adaptable threats. According to a briefing held on-site on Feb. 27, planning this year’s cyber drill required at least 23 training sessions and four weekends of discussions. Since the goal was to “make the red team realistic,” extensive collaboration with the yellow team was necessary, along with training on both standard and non-standard attacks. The exercise also involved creating two fictional advanced persistent threats (APTs): SPHINX and KRAKEN.
The white team included members from regular armies, law enforcement, civilian sectors, industry, and academia. Serving as contacts and mentors, they primarily identified areas where teams needed support. By assisting other teams, they were able to prioritize leadership decisions and tools.
Notably, the DCM exercise is largely driven by volunteers with cybersecurity expertise who work in other sectors. Their diverse skills help make the cyber drill more realistic and dynamic. According to the British Army Cyber Association, volunteers made up more than 90% of participants this year.
A synthetic media environment added another layer of challenge to DCM4. A disinformation campaign ran throughout the exercise, simulating interactions and real-time feedback. Within this environment, the outreach team served as a bridge between the red and blue teams, making the drill more realistic and complex.
Participants also faced additional challenges, including artificial intelligence, machine learning, quantum technology, and satellite communications.
In his closing remarks, Colonel Ian Hargreaves, chair of the British Army Cyber Association and DCM4 exercise director, quoted General Sir Roly Walker: “To double our fighting power in three years and triple it by the end of the decade.” He explained that this goal is why the British Army has been “deliberately training” its forces. Hargreaves also emphasized the importance of upscaling cyber skills to counter evolving threats.
South Korea participated in DCM for the first time last year, forming a joint team with its U.K. counterparts. The South Korean team—comprising members from three key national security groups, the National Intelligence Service (NIS), the Army Cyber Operation Center, and the National Security Research Institute—worked alongside personnel from the British Army’s 16th Signal Regiment. Their collaboration took place in February of last year at the Korean National Cybersecurity Center (NCSC) in Pangyo. Together, they engaged in exercises to defend networks across military, satellite, healthcare, and government sectors from simulated orchestrated cyberattacks.
The joint exercise between the two countries was organized under the Strategic Cyber Partnership, signed by South Korean President Yoon Suk Yeol and U.K. Prime Minister Rishi Sunak on Nov. 22, 2023. The partnership aims to strengthen cyber ecosystems and resilience, advance shared international interests, and detect, disrupt, and deter malicious cyber threats. It aligns with the Downing Street Accord, a mutual agreement reached by the leaders two days earlier.
Related article: Combined cyber army of ROK and UK performed first exercise following strategic partnership
Several South Korean government agencies responsible for national cyber defense collaborated with the British military to conduct a joint international cyber exercise. This cooperative training, aimed at testing their combined capabilities to counter cyberattacks, concluded on February 16 after a week-long session.
In an email statement to The Readable on February 21, the British Embassy in Seoul confirmed that this training marked the first-ever combined military exercise between South Korea and the United Kingdom.
The Defense Cyber Marvel (DCM), organized by the U.K. Army Cyber Association, began as a domestic training event in 2022 before expanding to an international scale the following year. According to a press release from South Korea’s National Intelligence Service (NIS) on Wednesday, this year’s iteration, dubbed “DCM3,” saw participation from 17 countries, including Japan, Germany, and France, with a total of 46 teams. READ MORE
