Government and military leaders have for years warned of increasingly pervasive and nefarious cyber-attacks. The network intrusions, perpetrated by nation states, hacktivists and thieves, are growing rapidly, experts have said.
To quell attacks, a premium has been put on so-called “cyberwarriors” — professionals trained to root out and stop network intrusions at some of the nation’s largest institutions and military and government agencies.
At U.S. Cyber Command, based at Ft. Meade, Md., officials said a properly trained workforce is essential to stopping attacks.
“There is nothing more vital to our mission of defending our nation’s networks than a trained and ready cyberworkforce. Cyber has become an integral part of our interconnected world and our warfighting capabilities,” Air Force Maj. Gen. Jim Keffer, chief of staff for USCYBERCOM, told National Defense in an email.
Programs that allow trainees to tinker with computers to fix vulnerabilities or stave off attacks from simulated hackers are immensely useful, he said.
“One of the best tools we use at USCYBERCOM for training is our exercise network, not connected to any operational network or the Internet at large, that has been created purely for exercise purposes,” Keffer said. “This tool allows our cyberprofessionals to test their skills in a working environment against simulated, realistic attacks without impacting our operational real-world networks.”
Trainees receive a minimum of 12 weeks of instruction, he said.
“That’s just to get started. To be qualified at the advanced level in a joint operational environment takes a few years, depending on the particular job,” Keffer said.
As breaches have increased, a wider variety of institutions are being targeted. Last year, the financial sector took a beating when Iran allegedly targeted banks with numerous distributed denial of service attacks.
Earlier this year, President Barack Obama issued an executive order that called for better cybersecurity protections for critical infrastructure. Many experts see public works, such as the electrical grid, as a sitting duck.
At Cyber Command, officials said the threat is changing and volatile.
“In the news, we’ve seen the trend in malware shift from DDoS, or distributed denial of service [attacks], which is mostly just inconvenient, to destructive in nature, as evidenced by the Saudi Aramco” attack and other high-profile intrusions, Keffer said.
In 2012, Saudi Aramco, the state-run Saudi Arabian petroleum company, was the victim of a massive attack that destroyed 30,000 computers. The Shamoon virus attack was allegedly perpetrated by Iran.
Continued attacks such as the one on Saudi Aramco require that personnel be kept abreast of new and evolving threats, he said.
Industry is also working to keep its network security experts sharp.
At Lockheed Martin, employees practice their skills using simulated attack software, said Lee Holcomb, deputy to the technical operations vice president at Lockheed Martin’s Information Systems and Global Solutions branch.
The program, called Experiential Cyber Immersion Training and Exercises, or EXCITE, uses a centrally-managed environment to simulate a real attack scenario. Until a year ago, the program was exclusively used to train employees internally. Now the company is looking outward, Holcomb said.
“We are just now reaching out to make it known to the military and to others that we do have training that is available,” said Holcomb.
The threat today includes nation states, organized crime syndicates and hacktivists, said Holcomb.
“All three represent a significant challenge to various organizations and the level of sophistication is getting higher and higher,” Holcomb said. “You just have to up your game.”
There is a “huge need” for this type of training software, he said.
At General Dynamics Advanced Information Systems, which offers a number of cybersecurity services, personnel are trained in several different mediums, Nadia Short, vice president and general manager of the cyber and intelligence solutions division, said in an email to National Defense.
“From industry conferences to on-the-job, learn-by-doing training exercises to researching, analyzing and reverse engineering the cyber-attacks that have garnered worldwide attention, our workforce has their fingers on the pulse of the latest cyber-attack techniques and the innovative approaches for defending against them,” she said.
The company uses knowledge gained by its experts who have been “on the front lines of the military and government network defense and exploitation,” she said.
Trainees study advanced persistent threats, malware analysis and network defense, to name a few, Short said.
“We think it is important that our folks have a plethora of course work, training and exercises readily available to continuously update and fine tune their skillset. The better educated our people are, the better chance we have of mitigating advanced cyberthreats,” said Short.
The company does not offer training products externally, but works to keep its internal program up to date, she said.
Northrop Grumman security experts constantly receive primers on new attacks.
Through the company’s Cyber Academy program, employees working in cybersecurity and the general workforce can learn about the latest threats in a classroom setting. The classes range from basic to advanced. Cyber Academy participants also practice with simulated threats in lab activities, said Michael Papay, vice president and chief information security officer for Northrop Grumman Information Systems.
Initially, the company planned to use the Cyber Academy program only for internal training. After customer requests, it decided to begin offering it commercially, Papay said.
“We’ve kind of transformed our internal Cyber Academy lessons for our employees into a business where we can actually take them on the road and sell them,” Papay said.
The classes are offered domestically and internationally. Northrop is working to keep them as relevant as possible to reflect constantly changing threats, he said. Some topics include mobile and cloud security.
Leidos, a Reston, Va.-based defense company, offers customers its CyberNEXS training program.
It allows trainees to sharpen their skills in a live-training environment, said Tim King, training director for the program. It can be set up for a number of different environments and can be updated to keep pace with evolving threats. Once a trainee finishes the exercise, the program then provides feedback and evaluation, he said. The information can then be taken and applied to certification programs.
Leidos has already sold the program to the Air Force. It has been sold to civilian customers, too, he added.
Students with an interest in cybersecurity shouldn’t rely on future employers to provide all the training, experts said.
At Cyber Command, officials said the Defense Department must work on programs that focus on science, technology, engineering and mathematics (STEM) education.
Over the past several years, there has been a significant push among industry, the government and academia to better train students in STEM fields.
One program, CyberPatriot, is geared towards enticing high school students to enter a career in cybersecurity. Starting with eight teams in 2009, the program swelled to 1,226 teams during the 2013 competition. It was created by the Air Force Association and is funded by a number of sponsors, including Northrop Grumman, which earlier this year pledged to donate $4.5 million to the program.
At the national competition, which was held in National Harbor, Md., in March, participants fought in a cyber-arena to fend off simulated threats. The teams also placed patches in the computer programs and reduced system vulnerabilities, said Diane Miller, program director of CyberPatriot and director of information security operations and cyber initiatives at Northrop Grumman.
Training students before they enter the workforce not only inspires them to seek careers in cybersecurity, but also helps companies in the long run, she said.
By the time students reach middle school, they need to understand that there are career opportunities in cybersecurity, Miller said. It can be an exciting field to work in and is one that will exist for the foreseeable future, she said.
While trained professionals can fend off many attacks, it is extremely important for the public to have a better understanding of the threat, said Dawn Hagen, manager of learning and development at Mandiant, a Washington, D.C.-based cybersecurity firm.
“It is very important for everyone to become more cyberliterate. Technology pervades our lives, work, home life, finances, transportation, entertainment, recreation and even our personal relationships. Understanding more about the risks associated with using technology helps prevent being easily victimized,” she said in an email.
Correction: The original article stated that USCYBERCOM trainees receive an average of 12 weeks of training. They receive a minimum of 12 weeks of training.
Photo Credit: Defense Dept.