9 juillet 2020 | International, C4ISR, Sécurité
U.S. Cyber Command's new training platform is slated to deliver the second iteration this fall providing additional capabilities and user capacity, program officials said.
The Persistent Cyber Training Environment (PCTE) is an online client that allows Cyber Command's warriors to log on from anywhere in the world to conduct individual or collective cyber training as well as mission rehearsal. The program is being run by the Army on behalf of the joint cyber force and Cyber Command.
Officials delivered the first version of the program to Cyber Command in February and the environment was used for the first time in Cyber Command's premier annual tier 1 exercise Cyber Flag in June. The second version is expected to include additional capabilities, including allowing more users to conduct team or individual training.
“Things like to be able to schedule, have a calendar to be able to auto-schedule things, to be able to allocate resources because right now it's you can get in and you can do it but how do you deconflict? If you're running a team based event across x number of services how does somebody else come in and do an individual training,” Amit Kapadia, chief engineer for the program, told C4ISRNET in an interview. “Do you have the right infrastructure underneath?”
Kapadia added that during the COVID-19 pandemic, there was a surge in platform use due to the remote working, thus, by the end of this year, the program seeks to push additional compute and network capabilities.
Leaders are targeting final testing in September and then a roll out in late fall for version 2.0.
The program has also sought to deliver incremental capability along the way through what it calls cyber innovation challenges. These are competitions to awards and layer new technologies onto the platform.
There was a notice informing industry of the fourth such innovation challenge released recently. Officials told C4ISRNET they expect to release a formal solicitation around August, with plans to award contracts by the end of the year or early next year.
The officials noted that just like with the previous innovation challenges, there could be multiple vendors awarded and specifically non-traditional defense vendors. Moreover, they also anticipate to continue these challenges for the foreseeable future even when a vendor is selected to be the integrator for PCTE through what's known as the Cyber Training, Readiness, Integration, Delivery and Enterprise Technology (TRIDENT), a contract vehicle to offer a more streamlined approach for procuring the military's cyber training capabilities. The contract is valued at up to $957 million. This approach, officials said, prevents vendor lock and ensures the program is at the tip of the technological spear.
The fourth cyber innovation challenge seeks to ask industry for assistance in traffic generation – which means emulating fake internet traffic on the platform – and assessment, which was a key requirement directly from Cyber Command.
“I would say what we've been driven towards right now are high priorities coming down from [Cyber Command commander] Gen. [Paul] Nakasone and Cyber Command for things like CMF assessment,” Kapadia said. “They want to be able now ... all these reps and sets that are happening within PCTE, how am I assessing the performance of the individuals in my teams.”
An integrated and agile approach
Since the platform was delivered to Cyber Command in February, command leaders have officially taken the burden of running training exercises from the program office, freeing it up to focus on pursuing new technologies and fixes as well as the overall acquisition.
In the past, the program office worked with specific units to conduct training events in order to stress the platform and gain valuable feedback. Now, Cyber Command has created what is called the Joint Cyber Training Enterprise, which is the non-material companion to the PCTE platform and seeks to operate and synchronize training hosted by PCTE for the joint force.
“The JCTE is a lot like the combat training center ops group where they are managing the platform, they are running the platform, they are running the training,” Lt. Col. Thomas Monaghan, product manager of cyber resiliency and training at Program Executive Office Simulation, Training and Instrumentation, told C4ISRNET. “So we delivered the platform to them and they're using it I would probably say on a weekly basis. They're doing cyber training events that we don't manage that anymore. We don't stand them up. The platform is being used, we're able to concentrate on specific capability, platform enhancements.”
JCTE has formalized the cyber training and use of the environment while also coordinating which cyber mission force units need to conduct which types of training, something the program office wasn't equipped to do.
Monaghan said his office is in almost hourly, or at least daily, contact with JCTE to better understand what users like, don't like or needs to be fixed.
“We've got the program office, we've got the user community, we've got the operational arm of the user community, which is JCTE, we've got the Army capability manager codifying the requirements all working together. We literally talk to each other at least daily,” Monaghan said. “That direct feedback loop is one continuous circle of information. That's the only way a program this robust can be successful.”
Program officials said they gained valuable insights from the recently concluded Cyber Flag, which created roughly six months worth of data.
They explained that while not every element worked exactly as planned, the nature of the program allows for incremental and ongoing adjustments to be made. By leveraging specific flexible acquisition tools, the program is not as rigid as other typical military platforms, such as tanks.
“It's a perfect one for PCTE because it created that box basically saying in laymen's terms we have no idea what this specifically looks like but we have some eye level things that it should do,” Liz Bledsoe, deputy product manager, told C4SIRNET, regarding the types of acquisition mechanisms PCTE is being run under.
Monaghan added: “That's the way the platform and the program were structured when the requirements were written, some of them were listed as evolving or threat based or capability ... They're ever evolving, ever enhancing based off the needs of the cyber mission force.”
29 novembre 2021 | International, Aérospatial
"Calling it 'breaking the laws of physics' does not lead to rational scrutiny," Secure World's Victoria Samson said of the recent Chinese hypersonic test.
13 novembre 2019 | International, C4ISR, Sécurité
By: Andrew Eversden The Department of Defense is working with a unnamed company to mitigate cybersecurity vulnerability discovered in a technology used by the Pentagon, the DoD's Deputy Chief CIO Michele Iversen said Nov. 12. Without going into specific detail, Iversen said the department is working to remove the product. “The company was compromised [and] had a big cybersecurity vulnerability,” said Iversen, speaking at Fifth Domain's annual CyberCon conference. “And we have seen bad things coming from those products, so we are looking at how to use our authorities ... [to] block those products or companies for national security systems.” This highlights a broader issue facing the DoD: how to protect its supply chain. To mitigate supply chain risk, Iversen said that she is working on a supply chain illumination tools. She said that these are useful because its made up of publicly available information that doesn't need any level of classification. Specifically, she said she's working on a decision support tool where she can expose a “bare minimum set of publicly available supply chain information.” “So when people are going to look and make their purchases, they have information available to them,” she said. She said, ultimately, she wants the DoD CIO's office to offer that tool as a service. The National Institute of Standards and Technology is also starting to develop cybersecurity tools. NIST's Jon Boyens, acting deputy chief of the computer security division, said that his team at the standards agency is working on a supplier inter-dependency tool “to look at different suppliers and their criticality” to allow for government to be more effective in asking for capabilities during the procurement process. “Industry is saying, ‘You know, we've invested in this but we're not getting any incentives' ... and so they're kind of looking for incentives for investing in technology,” said Boyens. Iversen said that technology research and development also presents its own attack surface with which it needs to grapple. If the research and development was done in a foreign country, that presents a unique set of threats. For example, Iversen pointed to back-up software being placed into a nuclear command-and-control system. “Maybe you just say anything where the R&D ... [is] done in those countries is just off limits,” Iversen said. “It just makes common sense. It's fixing stupid.” https://www.fifthdomain.com/smr/cybercon/2019/11/12/here-are-some-new-tools-coming-to-protect-the-supply-chain/
21 novembre 2023 | International, Naval
Opinion: The industrial base will be able to meet US Navy requirements and deliver boats to Australia under the tri-national pact, argues Rep. Joe Courtney.