Second to None! - indianstrategicknowledgeonline.comindianstrategicknowledgeonline.com/web/8... ·...

Army Cyber Command/2nd ARMY

“Second to None!”

16 August 2012

Incorporating Cyber Into

Training & Exercises

Second to None!

“Transforming Cyberspace While at War…

Can’t Afford Not To!”

Overall Classification of this Brief: UNCLASSIFIED/Approved for Public Release



Purpose

Provide an overview of how Army Cyber is incorporating cyber

space operations into training and exercises.

Discussion topics include incorporating cyber training in support

of the Army’s effort to revitalize home station training, cyber as

part of the operational environment, lessons learned from recent

participation in the Combat Training Center program to include a

warfighter exercise as well as cyberspace education and digital

awareness training opportunities.

2



Agenda

• Introduction

• Training

• Exercises

• Summary

• Questions

3



Introduction

4



What Leaders Need to

Know

Protect the Force…..Maintain Our Freedom to Operate

5

1. Embrace cyberspace as a contested domain

2. Know the threat….Its not random

3. Treat the Network as a weapon system

4. Identify and Protect Key Cyber Terrain

5. Strong 2-3-6 Integration – Required to Enable Mission Command

6. Enforce Compliance with Basic Standards and Discipline….Information

Assurance is not a given – Remediation is Expensive

7. This is leader’s business

8. Conduct Training and Leader Development

9. Support IT Reform — Necessary but not Sufficient

10. Make People the Centerpiece, not Technology



Cyberspace Domain

CYBERSPACE: A global domain within the information

environment consisting of the interdependent network of

information technology infrastructures, including the

Internet, telecommunications networks, computer

systems, and embedded processors and controllers

(JP 1-02).

6

Cyberspace Operations = Build + Operate + Defend + Exploit + Attack

Cyberspace Ops—the employment of cyber capabilities where the primary

purpose is to achieve objectives in and through cyberspace. (JP 1-02)



• Network as a warfighting platform linked to a global cyber C2 architecture

• Increase ability to conduct Land-Cyber Unified Operations: DOTMLPF

- Create near-real and CTC-like cyber training

- Create a “World-Class Cyber Opposing Force”

- Increase education and understanding of Land-Cyber unified ops

• Support the Shape, Prevent, and Win pillars within Cyberspace:

- Indications and Warning (I&W)

- Operational Preparation of the Environment (OPE)

- Critical Infrastructure Protection,

- Theater Security Cooperation

- Integrate Cyberspace ops into planning and targeting processes

7

Army Cyber Command Building for Tomorrow



Training

8



Cyberspace Ops Training Considerations

• As we do in other domains, we must train as we fight

• We must prepare our forces to operate in cyberspace under a wide

range of conditions, including contested and degraded environments

• Cyberspace operations enable Mission Command, which is an

essential component of all Army operations

• We must train staffs to integrate cyberspace operations. Commands

and units must ensure cyber activities are vigilant in protecting

networks

• Units must ensure protective protocols and counter-measures are in

place and adhered to, while every individual must ensure refresher

training is current and practiced relentlessly



Approach

EDUCATION

INDIVIDUALS LEADERS SPECIALIST

Professional

Education Initial Military

Training Institutional

Operational

Self-development

Soldiers

Civilians

• Incorporate cyberspace training requirements within TRADOC’s Revolution in Training &

Learning Initiative (home station & integrated training environment)

• Combat Training Center Capability (World Class Cyber OPFOR)

• Incorporate cyber specific training through Mission Command Training Center capability

• Cyberspace “digital awareness” training focused to leaders, staff and individuals

• Organize cyber within Army e-Learning Program / Army Continuing Education

areas of concentration (AOC) for

officer branches and functional areas

(FA) / military occupational

specialties (MOS) and additional skill

identifiers (ASI) for warrant officer

(WO) and enlisted personnel

Unit & Collective

Virtual Self-Development (Guided & Structured)

Building relationships

& Teams

Collaboration Areas with CAC

10



Leverage Cyberspace

Training in the Classroom

The desired cyberspace effects to be portrayed in the HS-T environment revolves around a cyber security

approach that facilitates the unit's ability to present an integrated, synchronized, and effective response to

a cyber-like event. This includes but is not limited to unit’s ability to:

• Take a proactive approach to addressing internal and external threats

• Effectively plan and conduct procedures for intrusion detection and decrease recovery time from a cyber

incident

• Continuously monitor the unit network and end systems, even when assets aren’t logged on to the

network

• Detect and remediate PII and classified spillage

• Achieve collaboration and synchronization among their Soldiers and leaders, processes and technology

Collaborative Training in Virtual Environments

Training in Virtual Classroom

Operational Environment

11



Increased Cyber Awareness ISO Mission Command

Cyber Training Concept

CATS Based &

Resourced

supporting

Mission

Command

Leverage Lessons

Learned from

MCTP/CTCs

L-V-C Training

Environments

B

u

i

l

d

R

e

a

d

i

n

e

s

s

Incorporate

Fundamental

Cyber Training

Band of Excellence for

Cyberspace Training

Meet CDR Objectives

Threshold

Objectives

Institution

Initial Military Training

(Basic/SOBC/WOBC/PME)

RESET (MCSI/NET)

Information

Preparation

Execution

Leader Tng

Planner Tng

Operator Tng

Provide Threat Awareness / Mitigation TTPs against

Vulnerabilities, CDV, Network Anomalies, Spillage, NDCIs

Increase CDR/G2/G3/G6 Cyber

Awareness

Deployment

CEF/DEF

Rotations

Corps/DIV/BCT Training

(STAFFEX, CPX, FTX,)

Mission CMD

Staff Tng

BCNOPC

Focus: DISA’s IA

for Deployed

Forces

TRAIN/READY

RESET

AVAILABLE

BCNOPC

12



Note: Army

Units can reference

Cyberspace tasks

by using the Army

Training Network

ATN will provide

you operational

level tasks to nest

or incorporate into

individual and

collective training

events

Cyberspace Training Tasks (1 of 2)

13



Task Type / Reference

Conduct Cyber/Electromagnetic Activities (ART 5.9 )/ AUTL

Conduct Cyber Operations ART 5.9.1 / AUTL

Conduct Cyber Warfare (ART 5.9.1.1) / AUTL

Conduct Cyber Network Operations (ART 5.9.1.2) / AUTL

Provide Cyber Support (ART 5.9.1.3) / AUTL

Develop Cyber Situational Awareness (ART 5.9.1.4) / AUTL

Conduct Information Protection (ART 5.10) / AUTL

Manage Cyberspace Operations (SN 5.5.11) / UJTL

Conduct Cyber Threat Activities (Collective) (SN 1-6-7278) / UJTL

Conduct Cyber Support to Counterintelligence Investigations and Operations (SN 301-35L-2529 ) / UJTL

Implement a Cyberspace Network Routing Plan (SN 113-408-8004) / UJTL

Implement Performance Control Measures for a Cyberspace Network (SN 113-395-0001) / UJTL

Cyberspace Tasks units can utilize to begin familiarization and training.

14

Cyberspace Training Tasks (2 of 2)


“Second to None!” 15

To ensure we are prepared to operate in the contested domain

of cyberspace and to combat threats against our networks, we

will increase the command’s cyber awareness among leaders,

planners and operators through a series of individual and

collective events. We will incorporate cyber into the operating

environment during all exercises. We will include as a training

objective conducting operations in a degraded and denied

network environment to validate our ability to conduct mission

command in these conditions.

Cdr’s Guidance for Cyber

Training (example)



Exercises

16



Exercise Concept

• Exercises support our cultivation of training and leader

development programs that provide our Cyber Warriors the

skills necessary to win on the Cyberspace battlefield. As we do

in other domains, we must train as we fight. We must provide

opportunities to confront obstacles and work in degraded

environments.

• Exercises are a primary vehicle to identify the necessary

functions and resources required to operationalize Cyber.

Successful exercises accurately replicate growing and

evolving real world Cyberspace threats. They provide a

venue to test emerging concepts and critical tasks in

environments that provide commanders opportunities to

“feel the pain” while learning valuable lessons that will

enable them to prevail in future conflicts.

17



Exercise Support Capabilities

• Expeditionary Cyber Support Elements (DGO, DCO, OCO Planning SMEs)

• Exercise Design & Planning Support

• Vulnerability Assessments

• Blue Team • Conducts defensive IO by identifying vulnerabilities across the information environment

• Makes recommendations to mitigate those vulnerabilities, and assists in implementing corrective

actions

• Works cooperatively with unit through interviews, policy reviews, network scans, content

monitoring and configuration reviews

• Red Team • Conducts Information Warfare against friendly forces using capabilities based on known threats

• Replicates realistic, validated, or templated threats

• Operates in compliance with Army policies, regulations and Joint Red Team doctrine

• World Class Cyber OPFOR

• Full Spectrum Information Operations Support

• Field Support Team

• IO SMEs

• Exercise Control Group Augmentation (Cyber SMEs)



Exercise Training ISO Mission

Command Systems

• Identify critical Mission Command systems architectures

• Exercise TTPs and PACE plans for operating in a degraded cyberspace

environment

19



Exercise Participation (past, present and future):

FY 11 – 6 exercises ( 5 COCOM, 1 Army)

FY 12 – 13 exercises (11 COCOM, 2 Army)

FY 13 - 17 exercises (14 COCOM, 3 Army)

Way Ahead

- We will continue to support USCC and COCOM tier 1 exercise requirements

- As we build partner capacity, we will participate in key Army Service Component

Command exercises

- We will continue to expand the program to include greater support to Army

exercises

- As World Class Cyber OPFOR capacity increases, we will support more combat

Training center rotations to include Mission Command Training Program

- We will develop the requirement for a live, virtual and constructive training

environment

20

ARCYBER Exercise

Support



• Lack of cyber training in general purpose forces

• Units not organized to conduct cyber operations across the three lines

of effort

• Exercise design must include cyberspace as part of the operational

environment

• Mission Scenario Event List (MSELs) must drive not only defensive

reactions but also proactive offensive planning

• Password management remains a recurring issue

• Lack of Cyber Common Operating Picture

Lessons Learned

21



1. Embrace cyberspace as a contested domain

2. Know the threat….Its not random

3. Treat the Network as a weapon system

4. Identify and Protect Key Cyber Terrain

5. Strong 2-3-6 Integration – Required to Enable Mission Command

6. Enforce Compliance with Basic Standards and Discipline….Information

Assurance is not a given – Remediation is Expensive

7. This is leader’s business

8. Conduct Training and Leader Development

9. Support IT Reform—Necessary but not Sufficient

10. Make People the Centerpiece, not Technology

Summary

Protect the Force…..Maintain Our Freedom to Operate

22



“Transforming Cyberspace While at War…

Can’t Afford Not To!”

Questions

23

Second to None! - indianstrategicknowledgeonline.comindianstrategicknowledgeonline.com/web/8... ·...

Documents

Transcript of Second to None! - indianstrategicknowledgeonline.comindianstrategicknowledgeonline.com/web/8... ·...