Second to None!
Incorporating Cyber Into Training & Exercises
16 August 2012
Transforming Cyberspace While at War... Can't Afford Not To!
Overall Classification of this Brief: UNCLASSIFIED/Approved for Public Release
Purpose
Provide an overview of how Army Cyber is incorporating cyberspace operations into training and exercises. Discussion topics include incorporating cyber training in support of the Army's effort to revitalize home station training, cyber as part of the operational environment, lessons learned from recent participation in the Combat Training Center program, to include a warfighter exercise, as well as cyberspace education and digital awareness training opportunities.
Agenda
- Introduction
- Training
- Exercises
- Summary
- Questions
Introduction
What Leaders Need to Know
1. Embrace cyberspace as a contested domain
2. Know the threat... it's not random
3. Treat the Network as a weapon system
4. Identify and Protect Key Cyber Terrain
5. Strong 2-3-6 Integration Required to Enable Mission Command
6. Enforce Compliance with Basic Standards and Discipline... Information Assurance is not a given; Remediation is Expensive
7. This is leader's business
8. Conduct Training and Leader Development
9. Support IT Reform: Necessary but not Sufficient
10. Make People the Centerpiece, not Technology
Protect the Force... Maintain Our Freedom to Operate
Cyberspace Domain
Cyberspace: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (JP 1-02).
Cyberspace Ops: The employment of cyber capabilities where the primary purpose is to achieve objectives in and through cyberspace (JP 1-02).
Cyberspace Operations = Build + Operate + Defend + Exploit + Attack
Army Cyber Command Building for Tomorrow
Network as a warfighting platform linked to a global cyber C2 architecture
Increase ability to conduct Land-Cyber Unified Operations: DOTMLPF
- Create near-real and CTC-like cyber training
- Create a World-Class Cyber Opposing Force
- Increase education and understanding of Land-Cyber unified ops
Support the Shape, Prevent, and Win pillars within Cyberspace:
- Indications and Warning (I&W)
- Operational Preparation of the Environment (OPE)
- Critical Infrastructure Protection
- Theater Security Cooperation
- Integrate Cyberspace ops into planning and targeting processes
Training
Cyberspace Ops Training Considerations
- As we do in other domains, we must train as we fight
- We must prepare our forces to operate in cyberspace under a wide range of conditions, including contested and degraded environments
- Cyberspace operations enable Mission Command, which is an essential component of all Army operations
- We must train staffs to integrate cyberspace operations
- Commands and units must ensure cyber activities are vigilant in protecting networks
- Units must ensure protective protocols and counter-measures are in place and adhered to, while every individual must ensure refresher training is current and practiced relentlessly
Approach
[Diagram labels: Soldiers; Civilians; Building relationships & Teams; Institutional; Operational; Self-development; Collaboration Areas with CAC; Individuals; Leaders; Specialist; Initial Military Training; Professional Education; Unit & Collective; Virtual; Self-Development (Guided & Structured)]
- Education: areas of concentration (AOC) for officer branches and functional areas (FA) / military occupational specialties (MOS) and additional skill identifiers (ASI) for warrant officer (WO) and enlisted personnel
- Incorporate cyberspace training requirements within TRADOC's Revolution in Training & Learning Initiative (home station & integrated training environment)
- Combat Training Center Capability (World Class Cyber OPFOR)
- Incorporate cyber specific training through Mission Command Training Center capability
- Cyberspace digital awareness training focused to leaders, staff and individuals
- Organize cyber within Army e-learning Program / Army Continuing Education
Operational Environment
The desired cyberspace effects to be portrayed in the HS-T environment revolve around a cyber security approach that facilitates the unit's ability to present an integrated, synchronized, and effective response to a cyber-like event. This includes but is not limited to the unit's ability to:
- Take a proactive approach to addressing internal and external threats
- Effectively plan and conduct procedures for intrusion detection and decrease recovery time from a cyber incident
- Continuously monitor the unit network and end systems, even when assets aren't logged on to the network
- Detect and remediate PII and classified spillage
- Achieve collaboration and synchronization among their Soldiers and leaders, processes and technology
[Image captions: Training in Virtual Classroom; Collaborative Training in Virtual Environments; Leverage Cyberspace Training in the Classroom]
Cyber Training Concept
[Diagram labels, in extracted order: Build Readiness; CATS Based & Resourced supporting Mission Command; TRAIN/READY; Leader Tng; Information; Preparation; RESET (MCSI/NET); Initial Military Training (Basic/SOBC/WOBC/PME); Operator Tng; Execution; Planner Tng; Increase CDR/G2/G3/G6 Cyber Awareness; BCNOPC; Provide Threat Awareness / Mitigation TTPs against Vulnerabilities, CDV, Network Anomalies, Spillage, NDCIs; BCNOPC; RESET; Increased Cyber Awareness ISO Mission Command; AVAILABLE; Meet CDR Objectives; Band of Excellence for Cyberspace Training; Corps/DIV/BCT Training (STAFFEX, CPX, FTX); Objectives; Threshold; Incorporate Fundamental Cyber Training; Institution; Leverage Lessons Learned from MCTP/CTCs; L-V-C Training Environments; Deployment; CEF/DEF Rotations; Focus: DISA's IA Mission CMD for Deployed Staff Tng Forces]
Cyberspace Training Tasks (1 of 2)
Note: Army units can reference cyberspace tasks by using the Army Training Network (ATN). ATN will provide you operational-level tasks to nest or incorporate into individual and collective training events.
Cyberspace Training Tasks (2 of 2)
Task: Type / Reference
- Conduct Cyber/Electromagnetic Activities: (ART 5.9) / AUTL
- Conduct Cyber Operations: (ART 5.9.1) / AUTL
- Conduct Cyber Warfare: (ART 5.9.1.1) / AUTL
- Conduct Cyber Network Operations: (ART 5.9.1.2) / AUTL
- Provide Cyber Support: (ART 5.9.1.3) / AUTL
- Develop Cyber Situational Awareness: (ART 5.9.1.4) / AUTL
- Conduct Information Protection: (ART 5.10) / AUTL
- Manage Cyberspace Operations: (SN 5.5.11) / UJTL
- Conduct Cyber Threat Activities (Collective): (SN 1-6-7278) / UJTL
- Conduct Cyber Support to Counterintelligence Investigations and Operations: (SN 301-35L-2529) / UJTL
- Implement a Cyberspace Network Routing Plan: (SN 113-408-8004) / UJTL
- Implement Performance Control Measures for a Cyberspace Network: (SN 113-395-0001) / UJTL
Cyberspace Tasks units can utilize to begin familiarization and training.
Cdr's Guidance for Cyber Training (example)
To ensure we are prepared to operate in the contested domain of cyberspace and to combat threats against our networks, we will increase the command's cyber awareness among leaders, planners and operators through a series of individual and collective events. We will incorporate cyber into the operating environment during all exercises. We will include as a training objective conducting operations in a degraded and denied network environment to validate our ability to conduct mission command in these conditions.
Exercises
Exercise Concept
Exercises support our cultivation of training and leader development programs that provide our Cyber Warriors the skills necessary to win on the Cyberspace battlefield. As we do in other domains, we must train as we fight. We must provide opportunities to confront obstacles and work in degraded environments. Exercises are a primary vehicle to identify the necessary functions and resources required to operationalize Cyber. Successful exercises accurately replicate growing and evolving real world Cyberspace threats. They provide a venue to test emerging concepts and critical tasks in environments that provide commanders opportunities to feel the pain while learning valuable lessons that will enable them to prevail in future conflicts.
Exercise Support Capabilities
- Expeditionary Cyber Support Elements (DGO, DCO, OCO Planning SMEs)
- Exercise Design & Planning Support
- Vulnerability Assessments
- Blue Team
  - Conducts defensive IO by identifying vulnerabilities across the information environment
  - Makes recommendations to mitigate those vulnerabilities, and assists in implementing corrective actions
  - Works cooperatively with unit through interviews, policy reviews, network scans, content monitoring and configuration reviews
- Red Team
  - Conducts Information Warfare against friendly forces using capabilities based on known threats
  - Replicates realistic, validated, or templated threats
  - Operates in compliance with Army policies, regulations and Joint Red Team doctrine
- World Class Cyber OPFOR
- Full Spectrum Information Operations Support
- Field Support Team IO SMEs
- Exercise Control Group Augmentation (Cyber SMEs)
Exercise Training ISO Mission Command Systems
- Identify critical Mission Command systems architectures
- Exercise TTPs and PACE plans for operating in a degraded cyberspace environment
ARCYBER Exercise Support
Exercise Participation (past, present and future):
- FY 11: 6 exercises (5 COCOM, 1 Army)
- FY 12: 13 exercises (11 COCOM, 2 Army)
- FY 13: 17 exercises (14 COCOM, 3 Army)
Way Ahead
- We will continue to support USCC and COCOM tier 1 exercise requirements
- As we build partner capacity, we will participate in key Army Service Component Command exercises
- We will continue to expand the program to include greater support to Army exercises
- As World Class Cyber OPFOR capacity increases, we will support more Combat Training Center rotations, to include the Mission Command Training Program
- We will develop the requirement for a live, virtual and constructive training environment
Lessons Learned
- Lack of cyber training in general purpose forces
- Units not organized to conduct cyber operations across the three lines of effort
- Exercise design must include cyberspace as part of the operational environment
- Mission Scenario Event Lists (MSELs) must drive not only defensive reactions but also proactive offensive planning
- Password management remains a recurring issue
- Lack of Cyber Common Operating Picture
Summary
1. Embrace cyberspace as a contested domain
2. Know the threat... it's not random
3. Treat the Network as a weapon system
4. Identify and Protect Key Cyber Terrain
5. Strong 2-3-6 Integration Required to Enable Mission Command
6. Enforce Compliance with Basic Standards and Discipline... Information Assurance is not a given; Remediation is Expensive
7. This is leader's business
8. Conduct Training and Leader Development
9. Support IT Reform: Necessary but not Sufficient
10. Make People the Centerpiece, not Technology
Protect the Force... Maintain Our Freedom to Operate
Questions
Transforming Cyberspace While at War... Can't Afford Not To!