February 25, 2020 | International, Aerospace, C4ISR, Security

The largest cyber exercise you’ve never heard of

For years, the first time the Department of Defense's cyber forces faced high-end digital attacks was not in practice or in a classroom, but in actual operations.

For the cyber teams that focused on offense, a playbook developed from years of National Security Agency operations guided their work. But on the defensive side, standards and processes needed to be created from scratch, meaning, in part, there was a lack of uniformity and little tradecraft to follow.

Because cyber leaders had focused on staffing, training opportunities for defensive cyber operators had been sparse.

To help solve that problem, the Department of Defense is expected to award a contract worth roughly $1 billion later this year for a global cyber training environment. But in the meantime, some units across the joint force have gone so far as to create their own small-scale training events and exercises to keep their forces' skill sets sharp.

Perhaps the best example of these efforts is the 567th Cyberspace Operations Group's “Hunt Event,” which has quickly grown to become one of the largest cyber exercises across the department. The bi-monthly exercise pits teams against each other in a competition for the coveted Goblet of Cyber trophy and bragging rights.

The group aims to better train defensive hunters, improve defensive tactics, techniques and procedures and develop defensive tradecraft.

“The point of this was that we didn't really have a good range space to play on that had an active and live adversary so we could, in theory, replay traffic and we could go in and generate some easy kill, low hanging fruit signatures for detection,” Capt. Reid Hottel, training flight commander at the 837th Cyber Operations Squadron, told Fifth Domain.

“If we are supposed to be the primary counter to advanced persistent threats, the way that we were training was not like how we were fighting.”

The exercises started roughly a year ago to teach operators how to hunt on networks. It's now evolved to where participants also work on leadership skills and build custom exploits on a large range with multiple stakeholders.

In addition to the Air Force CPTs — the defensive cyber teams each service provides to U.S. Cyber Command — members from the Air Force Office of Special Investigations and Mission Defense Teams, specialized defensive cyber teams that will protect critical Air Force missions and local installations, also take part. At the most recent exercise in January, a representative from NASA participated. Now, the exercises have become so popular Hottel said other services are interested in participating in the future. This includes a Marine Corps CPT at Scott Air Force Base.

Building better leaders and hunters

To be the best, cyber leaders recognized their teams would have to beat the best and that meant training against the world's most advanced cyber threats.

Some other forms of training — such as the popular capture the flag game, which involves teams trying to find “flags” such as files or scripts inside a network — are not always the most realistic form of training.

“When we were fighting, we're up against advanced adversaries. We're up against adversaries that are using tactics, techniques and procedures that are just above and beyond what simple little [scripts] ... we were using in the past,” Hottel said. “This hunt exercise allows us to do that, whereas in the past, particularly in other flag exercises, we are not training at the APT level. We [were] training at the script kiddie kind of level and here we're training at a much higher difficulty, which stretches and grows our operators into being true hunters.”

He added that the exercises are also helping develop tradecraft.

“That's one thing that nobody really teaches, there's no commercial course that you can go buy that teaches tradecraft, that teaches the military way, that teaches the way that we use to find the APT, which in theory, should be ever evolving because our adversary is as well,” Hottel said. “These exercises have been really eye-opening to provide tradecraft development, to become hunters, to understand what it means to be a cyber protection team.”

The exercise has evolved to include custom exploits, custom root kits, custom attacks and zero-day exploits within a real-world mission where, in some cases, hunters don't have any indicators of compromise that exist in the public domain. This means that there is no public reporting available on the exploits or tactics the adversary is using.

Participants can hone their skills by actively hunting on a network in order to find anomalies that could lead to trouble.

“As hunters,” he said, “we don't necessarily have singular methodology, we don't necessarily have a unique way that we can go about finding advanced threats mostly because we haven't really been training like that.”

The training is also helpful for new mission defense teams, which are just being officially resourced within the Air Force around local installations. By having those teams sit next to CPTs, who are using generally the same tools, they can learn about tradecraft and what to look for at the local level.

During the most recent exercise, officials said it was the first time they intentionally tried to trip up participants. Organizers created fake attack chains to see how the players scoped an investigation into a network and deducted points for the amount of time they wasted following that lead. This technique helps teach teams how to scope investigations without going down “rabbit holes” or failing to plan adequately, Lt. Christopher Trusnik, chief of training at the 835th Cyberspace Operations Squadron, told Fifth Domain.

Beyond the technical hunting, this approach helped team leaders flex leadership muscles.

“It was more of teaching that leadership technique of you plan for this, how do you investigate quickly and how do you triage your investigation,” Trusnik, whose unit ran the January exercise, said.

Hottel explained that following this most recent event, teams focused on leadership and organization.

At one point, someone on his team previously had been coached on what they needed to include, such as specific indicators that might be valuable to their mission partners to understand. At this exercise, they included those indicators.

In another instance, one team member who had never run a hunt mission struggled at first. Hottel stepped in and with just a little guidance, the leader became more disciplined and was able to find things much better in the last three days.

Benefits of cyberspace in training

Training in cyberspace has benefits that other domains don't offer.

For one, forces don't need a dedicated battlespace such as the Army's National Training Center or the range used at Nellis Air Force Base for the Air Force's Red Flag. With cyber, a custom range can be built and forces from all across the world can come in and participate.

The range used for the hunt exercises stays up weeks after the formal event so individuals or teams can try their hand, though they obviously won't be eligible for the Goblet of Cyber trophy.

All of this could change with the Persistent Cyber Training Environment (PCTE). PCTE is a major program being run by the Army on behalf of Cyber Command and the joint force to provide a web-based cyber training environment where cyber warriors can remotely plug in around the world and conduct individual training, collective team training or even mission rehearsal — all of which does not exist on a large scale currently.

Hottel said that his forces haven't been limited thus far without PCTE. Though, once the platform is online, they can upload the range they used for a competition and it can be accessed by anyone across the joint cyber mission force.

Testing new concepts

But in the meantime, smaller, unit-level exercises like those run by the 567th allow forces to test concepts and learn from others. Unlike larger exercises that have requirements and stated objectives, smaller exercises can serve as a proving ground for staying sharp and pushing the envelope. This allows local units more control over what their personnel do but can also allow teams to test new concepts in a relatively risk-free environment.

“Let's say that a national [cyber protection] team wants to test out ... whatever they're currently using because they feel like it would provide them an advantage so they want to test out something,” Hottel said. “We can throw that on the range as well and they can utilize an entirely defensive tool set. We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters.”

Hottel also said that personnel playing on the archived range can bring new ideas, which can then be tested during the next exercise. In some cases, they may come up with an idea on their own and bring it to the next exercise to see if it actually works.

Ultimately, the event is designed to create better cyber warriors.

“We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters,” Hottel said.

https://www.fifthdomain.com/dod/air-force/2020/02/21/the-largest-cyber-exercise-youve-never-heard-of/
