As the military continues to build its cyber forces and institutionalize a professional cyber corps, top officials are calling for a cyber persistent training environment. While Cyber Command conducts large-scale exercises every year such as Cyber Guard and Cyber Flag, more is needed.
The Army was recently tasked by DoD as the lead for the joint services to develop the persistent training environment, Ron Pontius, deputy to the commanding general of Army Cyber Command, said at TechNet Augusta, held in Georgia Aug. 2-4.
"The cyber PTE will provide scenarios event management and access for high quality, individual and collective training and mission reversal capabilities for our cyber mission forces at the time and place of need for all four services and for U.S. Cyber Command," Pontius said.
"This past year the deputy secretary of defense designated the Army as the executive agent for cyber training ranges and then in this last year's program budget review the Army was specifically given some resources…to do persistent training environment, to lead the development for the whole DoD capability," Pontius told C4ISRNET in a recent interview at Fort Belvoir, Virginia. Funding is slated to begin in fiscal 2017, and in the meantime, the Army is "working through the governance and management and the requirements and the acquisition approach for when resources start flowing in FY17," he added.
Pontius said the Army is working hand in hand with CYBERCOM on requirements for building cyber ranges, but they are also leveraging the other work that's been done across the force. He said the Joint Staff and the Office of the Under Secretary of Defense for Acquisition, Technology and Logistics co-led an evaluation of alternatives for a PTE. Based upon this evaluation, the Joint Staff and CYBERCOM coordinated development of the initial requirements document that was approved by the vice chairman of the Joint Chiefs and the Joint Requirements Oversight Council in June.
Additional efforts the Army is looking to leverage in leading the PTE are the work done at the national cyber range in Orlando, Florida; a cybersecurity range in Stafford, Virginia, run by the Marines Corps on behalf of DISA; the C4 assessment division in Suffolk, Virginia, part of the Joint Staff J-7; and efforts from the Defense Enterprise Cyber Range Environment, or DECRE, which is also forming ranges, Pontius said.
Boosting existing training
Many military officials have expressed a strong desire for the persistent training environment as current training is not up to snuff. Col. Timothy Presby, Training and Doctrine Command capabilities manager for cyber, described the current conduct of collective training as "woefully inadequate." The current approach "requires too much time, too much prep, to deliver that training," he said at TechNet .
The military writ large has "the ability…to do high-fidelity, highly realistic training where our teams, our tactical forces, can be immersed in a simulated environment that looks real to them," Lt. Gen. Kevin McLaughlin, CYBERCOM deputy commander, told the House Armed Services Committee during a June 22 hearing. However, "the issue that we have is we cannot do that at scale… [the] the persistent training environment is a focused effort in the Department of Defense to allow us to actually do that type of training routinely – every week, every day – so that the men and women that are on our teams have the ability to the level of training that we're doing down in Suffolk right now. We only do that a few times a year."
While Cyber Guard and Cyber Flag are useful, the PTE "really is about individual training, collective training and mission rehearsal," Pontius told C4SIRNET. "So being able to provide training for the team members, for a whole team – because when you really talk about a Cyber Guard or Cyber Flag, you're talking multiple teams or really large exercise... but we need to be able to do training more often and at a lower level."
This capability would resemble a rifle range of sorts. Just as infantrymen practice with their rifles on a regular basis, cyber warriors need the same practice and training.
"A cyber range is a place where we go to practice our skills just like a rifle range. Well this cyber range is just as important to us," Lt. Col. Henry Capello, an information operations and cyber planner for the Louisiana Army National Guard, said at the annual Cyber Shield event in April. "By having a cyber range we can allow the bad things to happen every day and practice defending it and because it's in a range environment we don't have to worry about damage to live production systems."
Pontius said the PTE could be thought of as a sandbox that is virtualized, allowing teams or individuals to train from anywhere without having to travel to secure facilities with the private network infrastructure.
"There could be an [unclassified] environment, a secret environment and a top-secret environment based upon the type of training you're wanting to do and specifically the threat, or what your wanting to recreate," he added. "For instance, especially on mission rehearsal, if you're being tasked to do a specific, say a defensive operation -- can you create that in a PTE environment so you can test your tools, you could test your tactics, techniques and procedures just like we do in the physical domain?"
The PTE can also help cyber warriors work through scenarios.
"We know there's some [common scenarios] based on the evolving threat," Pontius said. "If we can develop a scenario and then let all the services use that, then you're only developing it once, not two or three or four times."
Replicating threats can be broken down into three categories, Russell Fenton, defensive cyberspace operations branch and TRADOC capability manager, told C4ISRNET at TechNet: low, medium and high fidelity. Low fidelity merely involves white carding; medium fidelity involves red teams to interact with blue forces; and high fidelity resembles the work being done at the national training centers with world-class cyber opposing forces on the network trying to conduct operations against the network, he said.
"I think that capacity is going to be an issue in a lot of cases, but we're at least trying to build something virtual to provide as much fidelity as possible," Fenton added.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.