Back to news

July 9, 2020 | International, C4ISR, Security

This training tool could be the answer to stop mass cyberattacks

At air bases across Europe, networks are under attack. Malicious hackers have gained access to sensitive systems, information, controls and critical infrastructure. But cyber operators from U.S. Cyber Command, in concert with Five Eyes partners, have been called in to thwart these attempts in real time.

This was the main scenario for this year's capstone cyber training exercise put on by Cyber Command, Cyber Flag 20-2.

The exercise, which took place June 15-26 and was exclusively defensive in nature, saw more than 500 participants and 17 teams participating from five countries across nine time zones, and it included America's National Guard, the U.S. Energy Department and the Five Eyes alliance — Australia, Britain, Canada, New Zealand and the U.S. Australia, however, did not participate during this iteration.

Officials told reporters this week that the purpose of Cyber Flag 20-2 was to continue building the community of defensive cyber operations and to improve the overall capability of the Five Eyes countries to defend against cyber aggressors.

The drill involved teams defending IT and operational security networks against a live, opposing force trying to disrupt, deny and degrade the air bases' operations. The networks under attack were industrial control systems simulated to generate network traffic for an aviation fuel farm, power grid, air traffic control radars and electronic access control systems. The attacks came in the form of malware that targeted devices responsible for fuel and power.

But the unique aspect of this year's exercise, as C4ISRNET previously reported, was the use of a new remote cyber training tool called the Persistent Cyber Training Environment.

PCTE is an online client that allows Cyber Command's cyber warriors, as well as partner nations, to log on from anywhere in the world to conduct individual or collective cyber training as well as mission rehearsal, which to date had not existed for the cyber force as it does for physical troops.

The program is run by the Army on behalf of the joint cyber force. The platform not only allowed the exercise to continue as planned amid the coronavirus pandemic, but it enabled collaboration and simultaneous training across the world.

A new way to train

Officials say PCTE is providing Cyber Command with an entirely new way to train cyber forces, which previously was difficult given a lack of infrastructure and the time needed to set up ranges and scenarios.

It also allows Cyber Command and military units to conduct more frequent training. Cyber Flag typically was Cyber Command's largest and only holistic tactical training event, held annually during June. For units, aside from Cyber Flag, there were no other ways to stay sharp on their skills unless they built their own environments.

Now, Cyber Command plans to hold more exercises, with Cyber Flag 20-3 occurring in the fall.

“The delivery of the Persistent Cyber Training Environment absolutely allows us to increase the frequency and the complexity of exercises that are conducted by the command itself,” Coast Guard Rear Adm. John Mauger, director of exercises and training at Cyber Command, told reporters. “Going forward, I would expect you to see a series of exercises throughout the year where we are reaching out to the different teams to test their capabilities or to focus on specific issues that are of concern or interest to us.

“Going forward, we're going to get the benefits of both those distributed exercises along with increasingly complex exercises as PCTE is instantiated across both the secret network and the top-secret network.”

Scenarios and environments can be stored, saved, reused and modified if needed in the system for later exercises. Smaller units will also be able to leverage these scenarios to practice whenever needed.

The PCTE virtual environment for this year's exercise included 25 interconnected ranges of more than 3,000 virtual machines — a high-fidelity network that simulated and emulated open internet traffic with more than 4,000 static websites that store and share data.

The simulated air base networks created in PCTE had fully configured Windows active directory domains with over 100 nodes running more than 10 types of major operating systems, along with 35 simulated user control workstations actively surfing the internet and using Microsoft Office products to access, create and transfer files.

Moreover, officials also explained PCTE can be integrated into larger, multi-combatant command-type exercises to simulate the cyber effects, such as Global Lightning and its companion Cyber Lightning.

Global Lightning is an annual global exercise run by Strategic Command to test integration across several geographic and functional combatant commands. Cyber Lightning is Cyber Command's portion to the exercise.

“We think that is the next evolution of the Persistent Cyber Training Environment and how we take to the tier 1 exercises, incorporate cyber effects. They're no longer white-carded,” Col. Tanya Trout, Cyber Command's PCTE director and acting director of the Joint Cyber Training Enterprise, told reporters.

White carding involves telling exercise participants that a certain action has occurred. This was typical of cyber effects, given it was difficult to realistically simulate them, which diminished the training value in exercises because participants didn't experience the full breadth of these actions.

Now, these activities can play a real role in exercises increasing the overall fidelity of training across the joint force and continuity of all operations of warfare.

The system will also be able to be used for mission rehearsals. A Cyber Command official said the force can input prior operations, such as those used against the Islamic State group, to train against. Additionally, they'll be able to upload to the platform malware discovered in operations.

The PCTE program office, which is in the prototyping phase despite delivering the first portion to Cyber Command in February 2020, also learned valuable lessons in Cyber Flag. Officials said the two-week exercise provided the program office with six months' worth of data it can use to make significant improvements.

Prior to the February delivery, the program office leveraged several smaller-scale training events at the unit level to incrementally increase capabilities and scalability as well as help geographically dispersed teams prepare for tier 1 exercises like Cyber Flag.

Overall, officials are happy with how the system performed in its first tier 1 exercise, pointing to little to no latency issues, though there were periodic improvement tickets.

“What we found through the rapid development and use of the Persistent Cyber Training Environment is that we really have a unique capability to move forward with,” Mauger said.

https://www.c4isrnet.com/dod/cybercom/2020/06/25/this-training-tool-could-be-the-answer-to-stop-mass-cyberattacks

On the same subject

  • New UK government orders review of ‘hollowed out’ armed forces

    July 16, 2024 | International, Land

    New UK government orders review of ‘hollowed out’ armed forces

    The U.K. must contend with security threats emanating from China, Russia, Iran and North Korea, the thinking behind the analysis goes.

  • The fight in Gaza will be hell, military experts in urban combat say

    October 21, 2023 | International, Aerospace, Naval, Land, C4ISR

    The fight in Gaza will be hell, military experts in urban combat say

    A ground offensive in Gaza promises to be long, brutal and costly.

  • Facing a sealift capacity collapse, the Navy seeks strategy for new auxiliary ships

    January 17, 2019 | International, Naval

    Facing a sealift capacity collapse, the Navy seeks strategy for new auxiliary ships

    By: David B. Larter ARLINGTON, Va. – The U.S. Navy is moving toward settling on an approach for recapitalizing the nation's aged sealift fleet, moving away from a single common hull for five missions. The sealift fleet, which is facing the prospect of an imminent collapse in capacity due to the ships all reaching or exceeding their hull life according to the U.S. Army, is what the U.S. would use to transport up to 90 percent of Army and U.S. Marine Corps gear in the event of a major conflict overseas. The program, known as the Common Hull Auxiliary Multi-Mission Platform, was envisioned as we way to recapitalize the country's surge sealift force and replace other auxiliary ships such as hospital ships and submarine tenders with a common hull form. But the Navy found after studies last year that one hull simply wasn't going to work for all the disparate functions the Navy was looking to fulfill with the platform. Now, the Navy thinks it has a better answer: Two platforms. “We started out thinking it was going to be one hull ... but what we found from our own examination and from industry feedback is that these missions fall into two basic categories,” said Capt. Scot Searles, the strategic and theater sealift program manager, in a brief at the annual Surface Navy Association's national symposium. “One is a very volume-intensive category where you need large volume inside the ship – that's the sealift mission where you are trying to carry a lot of Marine and Army cargo. The other bucket it falls into is the people-intensive mission. When you talk about a hospital ship or a submarine tender, those are people-intensive, and we found we didn't need as much internal volume. It could be a smaller ship but needed more berthing capability.” The Navy released a request for information this week for industry studies that they hope to award in March that will validate the approach, Searles said. “We believe it's going to be two hulls, but that's still a great savings over designing five hulls,” he said. Congress wants the Navy to start ordering hulls by 2023 to deliver by 2026, something the Navy told Congress in a report last year could be done if it ponies up the cash. The most urgent need in the surge sealift fleet is the ready reserve force, a fleet of ships run by the Maritime Administration that are in reduced operating status and spend most of their time in port on standby waiting to be activated in case of a national emergency. Searles said the plan would be to bring the newly constructed auxiliary sealift ships online and use them as maritime prepositioning ships, then take the current prepositioning ships – which still have plenty of life left in the hull – and move them into the ready reserve force. Prepositioning ships are operated by Military Sealift Command and deploy forward with logistics and equipment that can be used in a crisis on short notice. Developing the new ships will take anywhere from three-to-five years, Searles said, and in the meantime the Navy plans to buy used ships off the open market and modify them for DoD use. They will also extend the lives of the current ships in the sealift force to the best of their ability. Collapse In February, the Army sent a letter to Congress saying that the country's organic sealift capacity would fall below the level required to move the Army's equipment by 2024 if the Navy did not act fast. “Without proactive recapitalization of the Organic Surge Sealift Fleet, the Army will face unacceptable risk in force projection capability beginning in 2024,” the document said, adding that the advanced age of the current fleet adds further risk to the equation. “By 2034, 70% of the organic fleet will be over 60 years old — well past its economic useful life; further degrading the Army's ability to deploy forces,” the document reads. The Army's G-4 also alluded to then-Defense Secretary Jim Mattis' readiness push, adding that even the most prepared forces wouldn't matter if they can't reach the front line. “Shortfalls in sealift capacity undermine the effectiveness of US conventional deterrence as even a fully-resourced and trained force has limited deterrent value if an adversary believes they can achieve their strategic objective in the window of opportunity before American land forces arrive,” the paper reads. “The Army's ability to project military power influences adversaries' risk calculations.” The document reflects the Army's growing impatience with the Navy's efforts to recapitalize its surge sealift ships, which are composed of a series of roll-on/roll-off ships and other special-purpose vessels operated by Military Sealift Command and the Maritime Administration. And Capitol Hill shares the Army's view, according to two HASC staffers, who spoke to Defense News last year on condition of anonymity. The Navy, which is responsible for recapitalizing the surge sealift force, put forward a budget in 2019 that called for about $242 million over the next five years, the bulk of which would go toward designing and developing a new platform that will replace the current vessels. HASC lawmakers considered that amount of funding not enough to make any serious inroads on recapitalization, and certainly not enough to forestall the critical shortfall identified in the information paper, the staffers said. https://www.defensenews.com/naval/2019/01/16/facing-a-sealift-capacity-collapse-the-navy-hones-in-on-a-strategy-for-new-auxiliary-ships

All news