Cyber Train as You Fight

As the U.S. Army wraps up fighting land wars in Iraq and Afghanistan, the service is adapting cybersecurity training to the changing landscape.

The U.S. Army is making its facility at West Point the focus of a joint program with the other services, industry and academia, devoted to sharing advanced cybertraining and research. Training in the new cyber realm includes not only basic best practices concerning passwords and mobile device security but also advanced training in the latest network management protocols and technology for members of the Army’s Signal Corps.

As cyber becomes the newest domain in which the service must fight and succeed, the training troops and their commanders receive has evolved to keep them effective and successful in what is being called the “land-cyber convergence.” And, while advanced training can include mission-specific applications and hardware, increasingly it also includes the same kind of training and emphasis found in the government’s civilian sectors and private industry.

“Every soldier, anyone who touches the network—whether it’s a four-star down to an E-1—has things they need to do to make sure they’re operating safely and effectively in cyberspace,” says Col. Chris Haigh, USA, deputy to the commanding general for proponency, U.S. Army Cyber Command, at Fort Meade, Maryland. “The Army has a requirement for everyone, including contractors and Department of the Army civilians, to take a group of classes before they get network access,” he says. Subjects covered include phishing attacks, password security and mobile device security. In some cases, classes are an annual requirement to, as Col. Haigh puts it, “keep our skills fresh.”

For some time now, the Army, just as all the military services, has considered cyber a domain in which it must prepare to fight and win, just as it does with air and land. “We believe here at Army Cyber that the two are so closely related, we started calling it ‘land-cyber convergence’—something that happens on land affects cyberspace and vice-versa,” the colonel explains. Training at all levels has evolved to help troops and their commanders adapt. Just as there is key terrain in the land domain, there also is key terrain in cyberspace, and training must follow that way of thinking, he adds.

Cybertraining takes on a different meaning for members of the Army’s Signal Corps, the primary operational unit of the service tasked with running the Army’s network. “As you build, operate and maintain the network, and provide services, you’ve got to be sure you know how to do that, make sure you’re building them the right way, with all of the right safety features,” Col. Haigh explains. “If you’re running the wire, you have to make sure you’re running the wire properly. And if you’re delivering the services, whether it’s telephony or access to the Army’s enterprise email, we’ve got to be sure we have the people who know how to provide those services and defend those services.

“At that level, you’ve got great signal soldiers who have been doing what they’ve been doing for quite a while, and we tie them up with the military intelligence soldiers who know what the threats are. It’s very important that the leaders integrate our G-2s and G-3s and G-6s, so our operations people are really driving the operation and looking at cyber as a domain,” the colonel adds.

Training for signal soldiers takes place at the Signal Center of Excellence at Fort Gordon, Georgia; and military intelligence soldiers receive cybertraining at the Intelligence Center of Excellence at Fort Huachuca, Arizona.

On yet another level, Col. Haigh says the new focus on leader training is instilling a better understanding on the part of the Army’s commanders of the nature of cyber attacks and what they mean from a tactical standpoint. “We have the Army’s leaders, who have grown up in either the signal or military intelligence disciplines and using the art of mission command, which is leadership. It’s understanding how to maneuver in land, and now cyber, that training comes from at every level of operational experience, and schools such as Command and General Staff College, the Army War College, the Sergeants Major Academy,” he explains.

Just as commanders must deal with the unanticipated on the battlefield, they also must be able to cope with the unanticipated in the cyber realm. “Commanders now know to put emphasis on protecting our data, to make sure what data in what classification can go on what network, and what action to take when things are compromised,” the colonel says. He compares it to one soldier accidentally being shot because another mishandled a rifle; at the most, one person is harmed. “If you have that in cyberspace, you can bring an entire army to its knees if an operations plan is leaked or put on the wrong network or a system doesn’t come up because soldiers were applying the wrong software patches,” he relates.

Cybertraining does not only come from the Army’s own training resources. Col. Haigh says the Army is reaching out beyond the service to develop what he describes as the cyber constellation. “We’re working on it with the fledgling Army Cyber Research Center at the U.S. Military Academy at West Point. One of the things that our boss [Lt. Gen. Rhett Hernandez, USA, commanding general of Army Cyber Command/2nd Army] realized is absolutely critical is that we’ve got to get this information shared across a broader community of interest,” the colonel explains. He defines that community not only as the Navy, Air Force and the rest of the joint defense community but also as federal research laboratories, academia and industry partners. “The constellation is meant to be populated by the bright, shining stars, the specialists who have really proven their mettle in the cyber arena,” he says. These bright stars include the Army’s partners in academia at schools like the University of Nebraska and Carnegie Mellon University in Pittsburgh. In March 2012, West Point’s Information Technology and Operations Center was redesignated as the Cyber Research Center, and given a new mission of research and education in the areas of information assurance, computer and network security.

In recent years, the U.S. Defense Department has emphasized joint operations, which include the cyber arena. Ideally, according to this doctrine, Marine cybersecurity experts should be able to work closely with their counterparts in the Air Force if the mission requires them to do so. Here, too, says Col. Haigh, the Army is adapting its training. “Looking at the cyber-specific requirements issued by U.S. Cyber Command, we’ll have to make sure our forces are trained to meet these needs. One of our challenges is that, as they publish these requirements, we relate what our mission-oriented-systems soldiers have to the joint specifications.”

Whether its an M-1 tank or the latest howitzer, most of the weapons systems the Army uses usually are designed for military use only. But that is not always the case with information technology hardware and software applications, most of which have direct analog counterparts in civilian business and public sector server rooms. Here, too, the Army can take advantage of that commonality when it comes to cybersecurity training.

“More and more, the Army relies on COTS [commercial off-the-shelf] equipment. If you looked at most of our networks, you would see Cisco or Brocade or Enterasys or any one of the other vendors that the Army acquisition people might contract with,” the colonel points out. Much of the training involved with COTS gear is included in the contracts that are negotiated with vendors, he adds, and in most cases are industry-standard, which saves the Army the cost of conducting non-mission-specific cybertraining on that equipment. In addition, many of the most common cybersecurity-oriented hardware and software certifications, such as Certified Safety Professional (CSP), Certified Information Security Professional (CISP) and Information Assurance Support Team (IAST), are based on industry standards and are directly applicable to the operation of much of the cybersecurity equipment and applications in most Army server rooms.