Services Ponder How to Train Like They Fight for Cyber
The U.S. military must find ways to educate its ranks to respond to cyberthreats.
The threat of cyberwarfare from adversaries is only expected to increase, and the U.S. must boost its cyber defenses, including its training and certification. The military is still considering how best to conduct defensive cyberspace operations education.
For each branch of the service, “training like you fight” is one consideration for creating a cyber cadre, according to a panelists speaking at the MILCOM conference in Baltimore on October 23. The panel looked at how to train a cyber force through the lens of mission, enemy, troops and capabilities, terrain, time and civil (METT_TC) considerations. The panel included moderator John Schleifer, vice president, Cyberspace Business Development, Light Professional IT Services, and panelists Brig. Gen. Brian Donahue, USA (Ret.), chief operating officer, Light Professional IT Services; Col. Paul Craft, USA, director of operations, J-3, Joint Force Headquarters, Department of Defense Information Networks; John Hickey, cyber development executive, Defense Information Systems Agency (DISA); Lt. Gen. Michael Basla, USAF (Ret.), senior vice president, CACI International; and Maj. Gen. Jennifer Napper, USA (Ret.), DXC Technology.
For Basla, the Air Force must focus on operationalizing cyber airmen. To do this, the service needs to look at its five traditional missions—air and space superiority; intelligence, surveillance and reconnaissance; rapid global mobility; global strike; and command and control. Each one of these missions has an interwoven cyber aspect, and should have trained cyber airmen at every level, he asserted.
“In order for our cyber Airmen to be cyber warriors, they need to be fully integrated into all Air Force mission areas, right from the beginning,” Basla said. “From the generation of requirements, to the development stage, to acquisition, to fielding, testing, and operation and maintenance, cyber has to be a part of it. Truly, every one of our airmen needs to be cyber warriors for the specialties they are assigned.”
Right now for new airmen coming into the service, Basla contended that “we’re doing a pretty good job.” Each one is given aptitude testing, then those airmen who have a “cyber mindset” are sent to cyber training at Keesler Air Force Base in Biloxi, Mississippi, with follow on courses through the Navy in Pensacola, Florida, that provide the certifications needed for joint warfighting.
Donahue confirmed that cyber capabilities must come from an operational framework, not an administrative framework. In 2011, cyberspace was declared an operational domain by the secretary of defense. Back then, command thought that the command and control (C2) framework to defend against cyber was inefficient and ineffective, and a unity of command across all DOD components was needed. Since then, DOD stood up an operational headquarters that patrols 42 DOD components, nine combatant commands, nine U.S. Cyber commands and 28 separate agencies, including those in the intelligence community. Donahue suggested that commanders dealing with cyber must do the same things that all operation-level commanders do—organize the battlespace in terms of terrain and forces. This includes an aggregate risk assessment. In addition, soldiers have to be familiar with the terrain and be able defend the DOD information network (DODIN) in cyberspace. The change in mindset to an operational framework would help confront an ever evolving adversary, he said.
In cyber warfare, one of the challenges is the changing terrain, Kraft said. In traditional training, soldiers would look at a map. The cyber world its different. Cyber terrain is an ever-changing, manmade, joint, global entity that is very tough to define. “The cyber terrain has no boundary,” he said. “And about every four minutes there is a network change, and every three minutes, there is a defensive change.” The speed at which a network is being built, destructed, extended, projected and pulled back is at net speed. “This is the speed at which we operate,” Kraft said. “We don’t get another chance, if we don’t have our defensive security set in place.” Therefore, the military needs persistent cyber training with live, virtual cyber training ranges. For training, the military needs to build a “like kind” network to teach how to defend cyber attacks. Soldiers need to be able to map such a network, and quickly replicate it for a training challenge.
In addition, commanders have to look closely at the mission-relevant cyber terrain, and find the key pieces of terrain that are needed to keep running and defending from cyber attacks—the piece the organization needs to continue functioning. “That has to be deconstructed by every operational commander,” Kraft implored. “We have to think differently.” In addition, cyber training needs to take into account how to operate within the context of the law, of U.S. Code, such as Title 10.
Napper added that the cyber domain is unique. “It’s a manmade domain, in the sense that it is hardware, software and electrons flowing,” she said. Nonetheless, cyber training should attempt to look at the terrain and see how many current military definitions could be applied. The first, would be to “see yourself first” and understanding the baseline, the cyber footprint. Speed of operations and agility on that terrain are of great importance and understanding. “I don’t think we can be agile on patched together legacy networks, and we have hundreds of networks like that today,” she said. The military is only just starting to like this in terms of cyber.
Napper also suggested that the military take another look at certification paths. “It is time to look differently,” she offered. “Our certification paths, have we outgrown them?”
Hickey believes that the three most important considerations for cyber training “are terrain, the time and speed in which we have to operate, and civil consequences—the laws and rules.”
Cyber warriors also need to know the enemy. “The enemy is vast, is in very different locations, and has very different objectives,” Hickey stated. The enemy in cyberspace “is more diverse than anything they’ve seen before.” Cyber capabilities are key, and the military should turn to industry to obtain tools and integrate capabilities together. “We are not there yet,” he said.
And while humans are key in cyber defense, Hickey said it is necessary to integrate machine learning and artificial intelligence to take it further. “We’ve got to get the enemy out of our network,” he said. “You have to know who is on your network.” Cyber training should also be specialized. Network operators will need tailored training that is different than analysts and the military also needs to reach out to junior and senior leaders to implement cyber training, with training for civilians as well.