TRAINING AND SIMULATION
Working from Home Sharpens Focus on Cyber Training
Air Force photo by William Belcher
The COVID-19 pandemic has forced the military to put a renewed emphasis on cyber training as servicemembers increase their use of teleworking.
The expansion of remote work has raised concerns about cybersecurity vulnerabilities.
“It has shined a light on it,” said Dani Charles, a fellow with the New America think tank’s cybersecurity initiative. New “edge devices” that are outside of the Defense Department enterprise or that are connecting back into the enterprise are also increasing cyber vulnerabilities, he noted.
The trend is prompting the services to develop new cybersecurity technologies, he said.
“It’s forcing ... the military to really accelerate focuses on technology and push forward a number of things that otherwise might have been delayed for traditional contracting reasons,” Charles said.
Hopefully the military will also be encouraged to continue looking at ways it can operate remotely and continue to recruit new servicemembers who are proficient in cyber activities, he noted.
“If we can be in a situation where we can leverage talent anywhere inside the United States and allow them to work within an enterprise that is both secure, but also reliable and fast and functioning … then I think that’s an advancement that really lends itself to a much more agile force,” Charles said.
The Army has seen an increase in its use of its persistent cyber training environment training platform, which transitioned from prototyping to production in March 2020, Col. Corey Hemingway, project manager for cyber test and training, said in a recent interview. There were previously three major prototype releases, then two versions were released in the production phase. It is intended to help connect users from all of the services and NATO to work on both defensive and offensive capabilities. The Army kicked off the effort in 2018.
“One of the major things that we’ve seen from [U.S. Cyber Command] is that the transition, because of COVID, increased the utilization of the system,” Hemingway said.
“We’re starting to see that transition occur across all of the services in order to maintain cyber readiness across the force.”
The effort will be advanced with Cyber TRIDENT, or Training Readiness Integration Delivery and Enterprise Technology, which is a contract vehicle that will refine the integration factory processes for the training platform, according to the service. The Army plans to pick award winners in the fourth quarter of fiscal year 2021.
“Cyber TRIDENT … is an estimated $957 million contract that we are putting together to support [Cybercom] and the cyber mission force in delivering a cyber training platform,” he said.
The persistent cyber training environment was in the prototype phase with several vendors, and a request for proposals under Cyber TRIDENT was released in June. Hemingway said the contract period of performance will be eight years and the service has yet to decide how many contracts will be awarded.
“The capability is providing new insights into a collaborative environment supporting the cyber mission force,” he said. “Now we have the ability to see ourselves and be able to maneuver in cyberspace in ways that we haven’t been able to do before.”
Graham Fleener, product lead for the persistent cyber training environment in the Army, said the first version of the product was a core portal which gave users the ability to plan, execute and assess cyber training events. The second version includes improvements such as an enhanced workflow and master calendar and scheduler.
The platform is giving the services and military commands the ability to procure, develop and share content at a faster pace than before, he said.
The product has transitioned out of the prototype phase, Hemingway noted.
“We’ve got over 4,000 users that are on the platform that have used this capability,” he said. “We have already been in development of nearly ... 144 terabytes of training content.
That means all of the services are developing and adding content that can be utilized for their training events across the board.”
Charles said the interoperability of the persistent cyber training environment is one of its most important features. The platform’s ability to easily connect with other users allows servicemembers to share and analyze data in real time.
“Traditionally, the way systems have been designed have not been for that interoperability,” he said. “And that’s fundamentally what has to change. ... Going forward, when acquisition [officials] look at bringing new systems online, interoperability has to be among the top considerations.”
Don Bray, Raytheon’s director of cyber initiatives in the company’s global training and logistics division, said one of the biggest challenges of cyber training is that the domain is always evolving.
“There’s really two perspectives there,” he said during the Association of the United States Army’s annual meeting in October, which was held virtually this year due to the COVID-19 pandemic. “First, the enemy continues to evolve their tactics and the ways they try to get around our defenses. But also, technology evolves … and the technologies that will be leveraged by the enemy as well.”
It is also difficult to recruit people for the cyber industry, said Ryan Bagby, the company’s director of cybersecurity academy, cybersecurity, training and services. A Raytheon case study found that it is very challenging to find qualified individuals to fill these roles. Because of this, the company has focused on training its current employees in cybersecurity, he noted.
“The global cyber talent gap that we’re seeing in the projections next year [is] expected to be 3 million — that’s how many employees are going to be needed in this field that aren’t available right now because there aren’t enough people to do those roles,” he said.
Additionally, the military will likely continue to compete with private industry for cyber talent, Charles noted. Some steps the services are taking to combat this challenge include putting more focus on its reserve forces, which may have people who already possess the necessary technical skills.
On the civilian side of its cyber workforce, the Air Force’s retention rate has been steady, service spokesperson Capt. Clay Lancaster said in an emailed statement. Over the last seven fiscal years, information technology and management losses had an average retention rate of 91.2 percent, he noted. Generally, retention of the Air Force’s uniformed cyber personnel has been sufficient, though this varies with pay grades.
“Recruitment remains a challenge given competition with the private sector and the high demand for cybersecurity professionals,” he said. “Greater use of hiring incentives and other compensation flexibilities will facilitate continued progress toward higher retention across all cybersecurity disciplines.”
One of the Air Force’s top efforts to train its cyber personnel is the Digital University, which provides 33 different cybersecurity courses. Since June, more than 3,500 Air Force and Space Force professionals have completed over 6,000 hours of training in areas such as cyber operations, machine learning, software development and data science, he noted.
“Right now Digital U is a top focus area for cybersecurity initiatives,” he said. “Digital U is our digital transformation effort and really gets after how we train, assess and certify digital skills” within the Air Force.
The switch to widespread remote work and use of commercial communications systems has also changed the focus of the service’s cybersecurity training, he noted.
“Greater emphasis is being placed on cybersecurity topics applicable to both government and personally owned IT systems and capabilities, through multiple message channels such as the AF Portal and social media in addition to the standard command channels for information distribution like email notices to airmen on cybersecurity topics,” Lancaster said.
The service is using its nascent 16th Air Force group to glean lessons learned about the cyber environment, he noted. Last year, the service created the new information warfare group to focus on such capabilities that combines cyber, global intelligence, surveillance, reconnaissance, electronic warfare and information operations. Under Air Combat Command, the organization was activated at Joint Base San Antonio-Lackland, Texas, in October 2019, and became fully operational in July of this year.
“They are at the ‘front lines’ to see what the latest cybersecurity threats are and how they are evolving,” Lancaster said. “These valuable insights can be turned into lessons learned and training opportunities for airmen across the force.”
Training is expected to remain on the forefront of the Air Force’s mind, with cybersecurity training being a top priority.
“The Department of the Air Force has realized that if we fail to aggressively expand our digital talent, we will be faced with an insurmountable knowledge gap compared to our peer adversaries — particularly with cybersecurity training,” he said.
Topics: Training and Simulation