• The Joint Cyberoperations Range can include live training, such as a fighter jet flying over a training range, along with virtual and constructive cyber training.
     The Joint Cyberoperations Range can include live training, such as a fighter jet flying over a training range, along with virtual and constructive cyber training.
  • The Joint Cyberspace Operations Range was recently integrated with the National Cyber Range to an unprecedented degree, offering valuable lessons learned for cyber training and education, say U.S. Air Force officials.
     The Joint Cyberspace Operations Range was recently integrated with the National Cyber Range to an unprecedented degree, offering valuable lessons learned for cyber training and education, say U.S. Air Force officials.

Joint Range Tailors Cyber Training to Warfighter Needs

February 1, 2013
By George I. Seffers
E-mail About the Author

A cyberspace operations facility grows with the burgeoning mission.

The U.S. Defense Department’s network operations training and education capabilities must continually evolve in the ever-shifting cyber realm. To meet that need, one of the department’s premier cyber ranges harnesses the power of simulation to support a full array of training, education, certification and military exercises for the warfighters.

The Joint Cyberspace Operations Range (JCOR) provides cyberspace operators and others the ability to train in realistic environments. The operators gain hands-on experience in protecting, defending and fighting in the networked arena without impacting real-world operational networks.

The JCOR allows users to connect disparately located cyber training systems from different services or agencies. The level of connections can vary depending on the users’ needs. “There are different ways of interfacing or integrating. We’re able to do, in many cases, both interfacing and integrating,” says Thomas May, technical project lead for the U.S. Air Force’s Simulator Training and Exercise (SIMTEX) range, which is the Air Force portion of JCOR. “If need be, we have been able to take the assets that other capabilities can provide and integrate them together so that they are actually components of our network.”

One recent integration example involved a connection with the National Cyber Range, which initially was developed by the Defense Advanced Research Projects Agency and transferred in 2012 to the Office of the Secretary of Defense/Test Resources Management Center. The National Cyber Range emulates the public Internet and other networks. It provides for the modeling of cyber attacks, as well as the test and evaluation of cyber attack impacts. Additionally, it allows for rapid reconfiguration—in less than one day—between events. It also enables the simultaneous execution of parallel events at unclassified through top secret security levels. Lockheed Martin is the National Cyber Range prime contractor.

The JCOR and National Cyber Range were connected this past summer. “That was a technology integration event where we wanted to see how the SIMTEX JCOR asset and the National Cyber Range asset could be utilized in support of larger events,” May reveals. “It was extremely enlightening to us all—to us and to the National Cyber Range team. We had an extremely lofty goal of not just interfacing these two ranges, but also of integrating them, and we had a lot of lessons learned from that one. In a good way.”

Capt. Andrew Dunn, USAF, SIMTEX chief engineer, reports that the level of integration between the two ranges was unprecedented. “We did it to a level that was previously not seen, so it was eye opening to a lot of people, including ourselves,” Capt. Dunn says.

The JCOR boasts 13 different kinds of simulators, some of which are specific to a layer or tier of a network. For example, one simulator might represent an Air Force Base. The next may be a grouping of how bases are managed, May explains. The second tier might have an Air Force-level computer network defense layer.

Other simulators, known as part-task trainers, are used to teach specific tasks, such as managing firewalls or email flow. “Those part-task trainers help us because technicians can use those systems whenever they need to, without taking up some of our bigger ranges like the base level or tier two stuff, which use up bigger chunks of resources. This way, we can do multiple events congruently,” the captain states. An analogy in the aircraft world would be a mockup of a wing with a bomb rack attached. It does not simulate everything the aircraft can do, only part of what it does, such as how the bomb is attached to the aircraft wing. In addition, the task trainers allow for more options in tailoring simulations to a specific organization’s needs.

The Internet simulation capability goes by two names, the more accurate Synthetic, Non-Kinetic Bombing Range and the easier-to-say Global Range Internet. It allows network defenders to train at different classification levels from military bases around the world. “That network defender can be logged in just about anywhere, at any military installation, and receive training that will represent what he would be seeing on an operational network,” May says.

The JCOR mission is changing continually to meet warfighter needs. Initially the mission was to support relatively few cyber exercises each year. Now, however, the JCOR provides continual training and education and supports a number of exercises throughout the year.

Additionally, the range first was used to train relatively few people in defensive operations only. “That has evolved out to where we are now bringing in the offensive types of operations also,” May reports. “Not necessarily delving into the very specific toolset of the offensive realm, but the simulators represent a realistic look and feel of the environment the users are in.” He adds that the specific offensive tools may be supplied by another capability provider.

May’s discussion of offensive cyber training comes with a warning. “There’s a lot of focus on the offensive components of cyber warfare, and we need to make sure that we don’t neglect the defensive component and don’t neglect the network operations portion of it. It’s the network operator who is probably 80 percent of the cyber workforce,” he declares, and the operator is the person who makes sure the network is up and running.

May compares the network operator’s job to that of an aircraft pilot. A bank right maneuver is handled by one pilot within a closed system. But for the network operator to make a change to the network—a metaphorical bank right—requires coordination with 20 or 30 other people, he estimates, emphasizing that, “Training all the way from the bottom to the top is required.”

The type of users for JCOR also has evolved. They no longer come solely from the traditional cyber domain. Training scenarios can include, for example, Facebook and Twitter messages and blog postings that intelligence personnel can scour for information about the enemy.

The evolving mission also can include training for cyber operations in support of kinetic events. “We could, if we need to, conduct a cyber event that might assist in a kinetic event or make it so that a kinetic event is not even required,” May says.

The number of users has been expanding rapidly. In 2011, JCOR users logged 30,548 simulator hours. As of November 1, 2012, the number already was up to 34,788 with two months to go in the year. Air Force officials are taking steps to further expand the pool of JCOR users. They envision additional combatant commands, military services, schoolhouses and agencies using the JCOR.

The joint range includes a mix of live, virtual and constructive training. “We’re taking, for example, an information database that represents a constructive model and allowing that to feed into our exercise play. Then, we have virtual people or virtual machines that are in the air, virtual networks that are on the Global Range Internet. And you are able to mix it in with, say, a pilot who is flying a real aircraft over a range. You take all of that information together and present it into the common operational picture,” May explains.

The JCOR has its roots in the SIMTEX program, which began in 2002 in support of an exercise called Black Demon. That exercise inspired the U.S. Strategic Command to initiate a joint exercise known as Bulwark Defender. Officials envisioned each of the services having programs similar to SIMTEX so that simulators across the military could be connected for joint cyber training throughout the year. That initial JCOR vision also included joint funding, which has not materialized.

Officials describe the joint range as a coalition. In addition to SIMTEX, primary coalition members include the U.S. Navy Cyberspace Operations Range, the U.S. Strategic Command Cyberspace Training Environment and the Army National Guard range known as the Army Guard Enhanced Network Training Simulator. “It is a coalition of the willing to share lessons learned, how to acquire technologies, scenarios, any kind of training that can be shared across one schoolhouse and another, or one unit to another or one exercise to another,” May says. In some cases, he adds, a new program can leverage JCOR resources and expertise to dramatically reduce startup costs and time.

Capt. Dunn agrees. “It allows each individual organization to have a multiplying effect and capitalize on what others have already gone through,” he says.


Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.

Share Your Thoughts: