Enable breadcrumbs token at /includes/pageheader.html.twig

Army Cyber Center Aggressively Pushing Zero Trust

Cyber school bases lessons on zero-trust success.
Maj. Gen. Paul Stanton, USA, commanding general, U.S. Army Cyber Center of Excellence and commanding general, Fort Gordon, addresses the audience at TechNet Augusta. Credit: Michael Carpenter

Maj. Gen. Paul Stanton, USA, commanding general, U.S. Army Cyber Center of Excellence and commanding general, Fort Gordon, addresses the audience at TechNet Augusta. Credit: Michael Carpenter

The U.S. Army Cyber Center of Excellence has initiated a pilot program to begin teaching zero-trust principles to chief warrant officers. The curriculum is built in part on a previous zero-trust pilot that successfully fended off red team attackers.

Maj. Gen. Paul Stanton, commanding general, U.S. Army Cyber Center of Excellence and commanding general, Fort Gordon, Georgia, discussed details of the pilot effort with reporters during a media roundtable at AFCEA’s TechNet Augusta conference in Augusta, Georgia.

While the cyber school is not yet teaching zero trust, it is moving in that direction, the general indicated. “This is not something that we’re going to sit back and wait for. We’re going to push as aggressively as we can to teach zero trust initially in our warrant officer school and then look to expand it to other soldiers,” Gen. Stanton said.

He credited CW3 Ben Koontz, the cyber school’s zero trust curriculum developer, for laying a solid foundation on which to build the curriculum. He recalled having worked with CW3 Koontz two years ago on a previous zero trust pilot at U.S. Army Cyber Command.

CW3 Koontz coordinated with U.S. Cyber Command, the Defense Information Systems Agency and the National Security Agency on the initial zero trust pilot. He was then assigned to the 2nd Infantry Division in Korea, where he instituted zero-trust principles and invited a red team to attempt to penetrate the operating environment, “and the red team couldn’t get in,” Gen. Stanton said. “They even gave access to the red team and asked them to try to achieve effects, and he caught them every time they tried to do something meaningful.”

Image
Maj. Gen. Paul Stanton, USA, commanding general, U.S. Army Cyber Center of Excellence and commanding general, Fort Gordon, speaks during a media roundtable at TechNet Augusta 2022.
Maj. Gen. Paul Stanton, USA, commanding general, U.S. Army Cyber Center of Excellence and commanding general, Fort Gordon, speaks during a media roundtable at TechNet Augusta 2022.

Learning of his success at 2nd Infantry Division, Gen. Stanton hired CW3 as the curriculum developer at the Cyber Center of Excellence.

He initially declined to estimate when the cyber school might begin teaching zero trust but tentatively offered a six-month window for the pilot effort and invited reporters to follow up in six months. “I’m not going to wait until the course is formalized. As Chief Koontz is developing the content, we’re going to push it to the warrant officers in active spaces. In fact, we just had an exchange with the G6 and 255S from the 101st Airborne Division (Air Assault), and we’re already pushing ideas to them so that they can start implementing things that will eventually be a part of the course,” Gen. Stanton added. “We’re doing many things in parallel recognizing that it’s too important to get started to move, and the lessons that we learn through execution will inform the course and make it better.”

One parallel effort includes preparing signal officers working in the 26 Bravo functional area to become data engineers, who understand how to collect and move data to the right spot. “Understanding the significance of your data is a precursor to establishing an effective zero trust environment that protects that data,” he said. “We’re not waiting entirely. We’re starting to move already to put the right educational model and the right training into place for our officer corps.”

The intent is to start small by teaching the basics of “Zero Trust 101.”  

“The Department of Defense has published a strategy. We should understand that as officers that work inside of cyber or signal, so we’re already pushing that into of our curriculum. We’re going to focus with our warrant officers to be those practitioners first.”

Another pilot effort aims to improve training for offensive cyber operators. “We’re working in coordination with U.S. Cyber Command to execute a distributed pilot where courses are being taught in Texas, in Georgia, in Washington, D.C. at Fort Meade,” Gen. Stanton reported. “We are pushing for our offensively oriented soldiers and service members to be fully trained. It requires a little bit of a change in curriculum, a change in approach, a change in our assessment strategy, but we are absolutely making progress and informing the longer-term way ahead.”

Gen. Stanton echoed statements made earlier in the day by Lt. Gen. Maria Gervais, deputy commanding general, U.S. Army Training and Doctrine Command, indicating Army officials are learning from the conflict in Ukraine stemming from Russia’s invasion. Those lessons learned also will influence the curriculum at the Cyber Center of Excellence.

“We’re learning a lot about electronic warfare. We’re learning a lot about your emissions control, and what your footprint looks like in the electromagnetic spectrum. We’re purposely driving towards a model that is education focused and then the actual hands-on, practical exercises are more flexible and agile based off of lessons that we learned,” Gen. Stanton said.