In the Cyber Trenches
The Army adjusts its training and career path for cyber domain troops and leaders.
The U.S. Army is taking a successful model developed to train chief warrant officers in the realm of information assurance and is adapting it for qualified enlisted personnel and officers. Instead of reinventing the wheel, the program blends already-successful cybersecurity training designed for the private sector with training tailored for the Army’s mission-specific networks. The goal is to create a career path for what is expected to be a cadre of cyberspecialists whose primary goal is to protect and defend the service’s digital infrastructure.
“The Army realized that our networks were being constantly attacked, but we never realized it until after it had taken place,” says Joey Gaspard, chief, Information Assurance Branch, U.S. Army Signal Center at Fort Gordon, Georgia. He adds that in 2007, the service embarked on a program to match staffing and training to be more proactive about cybersecurity. “Instead of consistently sitting there, waiting to be hit, they decided to put themselves in a position where we looked at the training. Commercial industry was already training personnel to defend commercial organizations, so why couldn’t the Army do the same thing?”
In response to that question, the Army embarked on a re-examination of its military occupational specialty (MOS) categories, which describe every job at every rank within the Army. The Signal Center focused on the MOS pertaining to cybersecurity.
Chief Warrant Officer Michael V. Gaskin, USA, says this re-examination revealed that many of the men and women who were coming to work for the Signal Center often arrived with their own cybertraining. “We help them hone that training to better fit the Army’s needs,” Chief Warrant Officer Gaskin explains. One of his partners at the Signal Center, Sgt. Roberto E. Romero, USA, adds that some of the training focuses on “developing skill sets, so that people can look at the network and see what bad things are coming across the cables, and identify the bad things.”
In 2008, once the staffing evaluation was complete, the Army Signal Center decided the first group to benefit from the new thinking would be the signal warrant officers. “At the time, we were looking at the 251 Alphas, the 254 Alphas and the 250 Novembers,” Gaspard outlines. The new training would make them more proactive in defending Army networks against cyber attacks.
The three warrant officer MOSs would become the basis for a new category of chief warrant officer—MOS: 255 Sierra—with the working designation of Information Protection Technician (IPT). “The 255 Sierra would have the base knowledge of the 254 Alpha or 250 November, then be able to move up to this next level [of 255 Sierra],” explains Gaspard. Additional MOS categories created IPTs within the 255 Sierra category. Those working in 255 Alpha are responsible for network servers and services; 255 November members monitor the networks; and 255 Sierra IPTs are purely security specialists.
Another innovation that emerged from the creation of the 255 Sierra MOS is the way in which this new cohort of signal warrant officers receive advanced cybersecurity training by using predominantly commercial training, which, Gaspard notes, is tried, tested and true to train cybersecurity specialists at private sector firms such as IBM and Hewlett-Packard.
Before the warrant officers can partake of this training, however, they must apply and qualify for one of the fixed number of slots available. Gaspard says the program only trains 40 chief warrant officers per year. Chief Warrant Officer Gaskin, one of the graduates of the course, explains they have opened the application process to all MOSs who have any cybersecurity training and experience.
Once selected for the 255 Sierra training program, the requirements are rigorous, Gaspard says. The first class a candidate must pass is an industry cybersecurity course provided by the SANS Institute, a well-known provider of advanced cybersecurity training in the private sector. Candidates also must have a current information assurance technician level-three baseline certification, which is similar to those required by cybersecurity specialists in the private sector. In addition, successful candidates’ résumés must show they have worked in cybersecurity.
The pilot classes for the 255 Sierra chief warrant officers were offered in 2010, and Chief Warrant Officer Gaskin says the response for applicants to the program continues to be tremendous. “We’ve had more than 100 candidates per year who apply for a seat in the course, he states.
Chief Warrant Officer Gaskin notes that one of the classes in the 255 Sierra advanced cybersecurity curriculum includes cyber law, which defines legal and procedural boundaries. Other courses include instruction in basic network operation and briefings on joint network operations, which Chief Warrant Officer Gaskin says offers Army warrant officers an opportunity to get a glimpse into how other military services and the agencies the Army works with, such as the Central Intelligence Agency and National Security Agency, manage and operate their networks.
Many of the network security courses are designed and conducted by the SANS Institute. Some of those courses include intrusion analysis, ethical hacking, network penetration, security auditing and securing Windows. Gaspard explains that the SANS course on current threats contains a module in which subject matter experts in cybersecurity are invited to address the class as guest lecturers. However, because of the nature of the training, these modules only can be updated annually. He goes on to say there is a workaround, however, in that SANS updates particular instruction modules, and when that module matches a newly discovered cyberthreat, the training is brought up to date to match. Graduates of the 255 Sierra class assist in making Signal Center trainers aware of new vulnerabilities as needed, he adds.
The Army gained significant efficiencies by integrating existing commercial cybersecurity training such as that offered by the SANS Institute, he relates. While unable to put a dollar figure on the value of such training, Gaspard says they nonetheless gained the ability “to stay on top of what’s being trained and to be consistent and on the same curve as commercial industry.” By comparison, he adds, any training designed and approved by the Army must usually undergo a rigorous and lengthy design process and requires additional staff just to keep up with the latest cyberthreats. “The efficiencies mean we don’t have to worry about being behind the power curve,” he concludes.
The 255 Sierra program, which creates a career path for chief warrant officers specializing in cybersecurity, has been declared a success by Signal Center officials, and it has graduated 65 chief warrant officers in the new category to date. The program has been so successful that officials at the Signal Center now are turning to the creation of a similar program for enlisted men, according to Jeffrey Hobday, branch chief, Information Assurance Branch, U.S. Army Signal Center.
“We’re now looking at our 25 Delta series,” he explains, using the MOS designation code for enlisted personnel whose focus is in the realm of cybersecurity. “Those guys are going to shadow the 255 Sierras.” The development program is in its second year, and the first classes of the pilot program are scheduled to be offered this fall. The first official classes for enlisted cybersecurity personnel are expected to begin in 2015.
The Army also plans to create a similar program for junior officers in the near future. Gaspard explains that signal officers from the 25 series are being targeted for this program, which would create a 26 Charlie MOS category of officers with a cybersecurity emphasis mirroring the 255 Sierra chief warrant officer and 25 Delta enlisted personnel cybersecurity programs.