War fighters will soon get new cyber training range

The Army’s cyber operators want unit commanders to know they’re ready to bring solutions that can be tailored to the unit, the network and the commanders’ missions — and they’re bringing their servers and sensors with them.

“We’re coming into our own as a brand new brigade, a brand new unit and a brand new domain,” said Maj. Josh Rykowski, a mission team leader with Cyber Protection Brigade.

“We’re trying to develop and get our capabilities out to the customers, network owners to understand what the capabilities are that we can provide,” Rykowski said.

He and other cyber operators met with reporters this week at the Association of the U.S. Army annual meeting in Washington, D.C., to talk about how cyber protection teams do their jobs, what they need to succeed, and how they can support commanders.

As the Army’s newest war-fighting domain grows, it will soon open its own training range, just as more traditional combat arms units have their firing ranges, said Lt. Gen. Paul Nakasone, the commander of Army Cyber Command, who joined the cyber operators at the AUSA event.

The training environment will hone the skills of cyber warriors and the Army’s cyber protection teams, which go out to units to do assessments and use intelligence to find gaps in units’ networks and look for other issues.

The teams then work with the local defender to leave the network more defensible than it was before, Rykowski said.

“My team has had a very high operational tempo,” Rykowski said in response to a question from Army Times. “The adversary is out there, and there is definitely a wide range of missions to conduct.”

The tools

When the cyber protection teams bring their defensive capability to a unit, they arrive equipped with a deployable cyber kit: hardware, servers, software, and sensors to sense a network.

The equipment can be a powerful advantage for commanders, the operators said.

The cyber kit includes a combination of network assessment equipment and forensics equipment, said Capt. Sean Eyre.

“We have server stacks that give rudimentary defense and a substantial amount of storage capacity and a substantial amount of computational power that allows me to flexibly create tools on the fly from my repository of tools,” Eyre said.

And the kits can be protected from what they find, he said.

“We always go on a mission with the mindset that a network has been exploited in some fashion, so it’s not safe to operate on there,” he said. “So, when we connect our kit to the network, we have defenses within the kit, so we ensure we ourselves do not get exploited if the adversary is still in the network.”

New training range

The new Persistent Cyber Training Environment is due to be rolled out at the end of the year, Nakasone said.

The Army has taken the lead in developing the new platform, which is intended to be a joint training capability across the Defense Department.

The virtual environment is intended to fill gaps between the virtual cyber training environments available now, support multiple training events, and boost cyber readiness across the services, Army officials have said.

It will be scalable to train individuals, teams and units, and for large-scale exercises as well as preparing for missions.

Commanders: Plan ahead

As the teams prepare for missions, they have a message for commanders.

Commanders should plan ahead for a cyber team to pay a visit — months ahead, said 1st Lt. Alvaro Luna, a former armor officer who works with cyber support to corps and below to help deliver cyber effects for commanders.

At 180 days before a rotation to the National Training Center, a cyber planner begins integrating with a commander, said Luna, who works on the offense side of the Army’s cyber operations.

His number one challenge, he said, is educating the unit he’s attached to about how cyber support works.

“One thing we found that is critically essential is early integration,” Luna said. “At the first sit-down, they understand what you can do. The second time we go out, we do another exercise with them that’s actually on their territory at their local [field training] event, [and] they can actually see those effects that we planned in the past.”

By the time the unit gets to NTC, “they’re caught up on what we can do. They’re already planning and they understand how we think. It’s really building that early relationship with commanders so that they know how you process information. Showing up at NTC with everything is too late so we integrate extremely early,” he said.

The teams

What characterizes a cyber protection team is that the operators are hunting for adversaries, looking for someone who doesn’t want to be found in a network.

“That is a core skill that we train in our cyber protection teams,” Nakasone said.

Rykowski’s team is one of the Army’s 20 cyber protection teams, the defensive elements, in the Army’s active force, Nakasone said. Another 21 teams are being built in reserve component — 11 in the Army National Guard and 10 in the Army Reserve. Of a team’s 39 personnel, 80 percent are military and 20 percent are civilians.

Each team’s civilians can share their expertise from diverse backgrounds, Nakasone said.

Vincent Walker is one of those. He is former enlisted and a former signals intelligence analyst who has been working with Army cyber for three years.

“We work closely with each other daily,” Walker said. “I can bring partners in from other places and agencies.”

With his background comes a wealth of contacts he can call on, he said.

“The experience of those people coming in and having conversations with them [the team members] helps them a great deal,” he said.

There are four different kinds of teams: national CPTs, Defense Department Information Network CPTs, teams that work directly with combatant commands, and Army service CPTs.

“Being an Army CPT, we receive a broad range of missions, and as we’ve gone out and assisted the network owner, a lot of what we do is educate them in our capabilities and also trying to work toward leaving the network in a much more defensible position,” Rykowski said.