PODGORICA, Montenegro — Nearly three years after a sweeping cyberattack disrupted Montenegro’s government networks, the country has taken a powerful step forward in strengthening its digital defenses by hosting its largest and most complex cyber defense exercise called Immediate Response 25.
The 2022 cyberattack lasted more than 20 days. It disrupted government platforms and exposed vulnerabilities across banking, water and power systems. First responders included cyber units from the Maine National Guard as part of a long-standing partnership through the Department of Defense National Guard Bureau State Partnership Program. Many of those same service members returned to Montenegro for Immediate Response 25.
Instead of responding to an emergency as they did in 2022, they worked side by side with the Vermont National Guard, the Armed Forces of Montenegro and the Army of the Republic of North Macedonia in a joint multinational exercise designed to simulate a full-spectrum cyberattack.
For 10 days, participants navigated complex challenges modeled on real-world threats, including ransomware deployment and infrastructure disruption. While technical teams defended networks against an advanced persistent threat, a simultaneous tabletop exercise brought together senior leaders from Montenegro’s government, academia and private cyber industry as well as international partners for strategic decision-making and crisis response.
Lt. Col. Kerry Boese of the Maine Army National Guard assisted in planning the tabletop exercise, helping to bridge the gaps between the military, government, industry and academia.
“The tabletop exercise focused on a whole-of-government approach to pre-coordinate a response in case something ever happens,” Boese said. “It reinforces our collaboration with NATO allies and shows that we can work together, meet NATO objectives and build a unified response to cyberattacks.”
Montenegro’s planning team set out to make the exercise truly multinational in scope. Tijana Turkovic, head of planning, development and cooperation for cybersecurity in Montenegro’s Ministry of Defense, played a key role in designing the tabletop component.
“We wanted to use our 2022 experience as a foundation,” Turkovic said. “The goal was to connect technical incidents with strategic-level decision-making and coordinate a national-level response that includes ministries, the private sector and our state partners.”
For the first time, cyber operators from North Macedonia embedded directly within combined Montenegrin and U.S. cyber defense teams. Working together in these multinational teams, they undertook threat hunting, log analysis and incident response tasks, gaining valuable hands-on experience in network defense.
Senior Master Sgt. Zachary Poulin from the Maine Air National Guard, who deployed to Montenegro during the 2022 crisis, served as the exercise controller for the tactical portion. Behind the scenes, Poulin’s team directed the evolving scenario and ensured all training objectives were met.
“In this exercise, there are good guys and bad guys. We’re the puppeteers behind the scenes,” Poulin said. “We design a believable scenario and make sure every team is hitting [its] targets.”
Poulin noted that the simulated attacks were modeled closely on ransomware techniques used during Montenegro’s actual cyberattack. In addition, it provided Montenegro with an opportunity to demonstrate its capability to lead in the cyber domain.
“This is giving Montenegro the opportunity to host and manage a live cyber exercise,” he said. “And they’ve done an amazing job for their first time, with great collaboration from North Macedonia.”
The role of the adversary was led by 2nd Lt. Ivan Bajceta of the Montenegrin Armed Forces, who designed and launched threats based on recent global incidents.
“At first, the response from the defenders was chaotic,” Bajceta said. “But as time went on, they were more ready to respond. It’s been amazing to see their growth and communication improve every day.”
As the exercise commenced, the international cyber defense teams quickly began working to accomplish their mission. Each team had its own leader, one from Montenegro and one from North Macedonia. This brought unique challenges and required careful coordination and attention to detail throughout the exercise.
“Working at an international level with people around the world is an amazing experience,” Bajceta said. “You get different perspectives and learn how to grow with other teams. But in cyber, there are no shortcuts. One mistake can ruin everything.”
That global collaboration and attention to detail were central themes throughout the exercise, echoed by leaders at every level.
Maj. Isak Mrkaic, the exercise director from Montenegro, said the event was an opportunity not only to improve his country’s capabilities but also to elevate cooperation across borders.
“In the beginning, we had three goals,” Mrkaic said. “First, to show that the Montenegrin Armed Forces can conduct an allied cyber exercise. Second, to conduct tactical training and apply our knowledge. And third, to take a whole-of-government approach with stakeholders and national partners.”
What began as a modest concept quickly expanded. By the time the event launched, it had grown into a 10-day operation involving more than 120 participants from four countries, spanning tactical, operational and strategic levels.
“This is the largest cyber exercise ever conducted by our Armed Forces and Ministry of Defense,” Mrkaic said. “It’s a big step forward in how we work with partner nations.”
Beyond its technical success, the exercise also marked a leap forward in integrating artificial intelligence as a tool for training in cyber defense. Junior analysts used large language models to process alerts from tools such as Security Onion and Splunk, interpret malicious code and receive real-time guidance on attacker behavior. The artificial intelligence acted as a digital advisor, accelerating analysis and enabling even the least experienced team members to make informed decisions quickly.
“The cyber domain is here, and systems are under perpetual attack,” Poulin said. “Exercises like this, tied to major units and partner nations, are a perfect stepping stone. The 2022 attack was devastating, but it showed us the complexity of Montenegro’s system and how we can connect and support one another.”
In a world where cyberattacks increasingly blur the line between civilian and military targets, the events in Montenegro underscore a new reality. National security is no longer confined to physical borders or conventional threats. On today’s battlefields, where attacks in the cyber domain can result in kinetic effects, connectivity is both a strength and a vulnerability. Countering this vulnerability may lie in the ability to act quickly, collaborate across nations and trust both partners and technology.
Social Sharing