A highly scalable, advanced cybersecurity training program — capable of providing realistic simulations that mimic complex cyberattacks from hackers — will make a big difference in preparing the nation’s next wave of “21st century warriors,” top Department of Defense officials believe.
During a House Armed Services Committee hearing on Wednesday, officials from U.S. Cyber Command and the DOD pushed to create something called a persistent training environment, though it wasn’t the first time the department has advocated for such a project.
“The initial capabilities document [for the persistent training environment] is under review, and it should be signed within the next one to two weeks. If that happens, and the funding stays in line, then we expect to have initial operational capability by fiscal year 2019,” explained Brig. Gen. Charles Moore, the Joint Chiefs of Staff’s deputy director of global operations
The persistent training environment program would support and build off of several existing and quickly growing training programs, including CYBERCOM’s Cyber Guard and Cyber Flag exercises.
Cyber Guard is a rigorous nine-day training exercise that gathers Cyber Command personnel, similar operators working for NATO allies, private cybersecurity professionals, critical infrastructure company representatives and other technology partners to engage in simulated cyber warfare. Attacking and defending forces are divided to pit intelligent specialists against one another.
CYBERCOM hosted its Cyber Guard session at its headquarters in Forte Meade, Maryland, earlier this month.
“I think you’ll see more and more countries want to become part of this partnership [US Cyber Guard]. And we will embrace them as they show interest and the capability to partner,” Gen. James McLaughlin, CYBERCOM’s deputy commander, said at Wednesday’s hearing.
According to Military Times, the 2016 Cyber Guard exercise put forth a digital scenario where participants were tasked with defending the United States’ energy and transportation infrastructure.
The “most important part” of CYBERCOM is its people, McLaughlin said. “We are training our people to meet a very, very high standard. It is a joint standard across the entire force. In our view, it’s in the minds of our people that will allow them to keep up technologically with what the threat is doing.”
The broad goal of both Cyber Guard and Cyber Flag is to help organizations find vulnerabilities in their own networks and establish a framework for future coordination. Additionally, it offers a venue to better understand the changing cyberthreat landscape and plan future response efforts, McLaughlin said.
But Cyber Guard and Cyber Flag have one drawback: They aren’t scalable training events.
“We have the ability to do high-fidelity, highly realistic training where our teams, our tactical forces, can be immersed in a simulated environment that looks real to them and have to perform their duties with an actual opposing force … The issue, however, is that we cannot do that at scale,” McLaughlin said.
To begin the hearing, Chairman Mac Thornberry, R-Texas, asked Assistant Secretary of Defense for Homeland Defense and Global Security Thomas Atkin whether CYBERCOM should become a unified combatant command. The move would empower it with independent operational privileges, outside of the National Security Agency, enabling the command and control center to conduct global defense missions.
Atkin said yes, but he added a caveat: CYBERCOM requires ample funding, additional training resources and a transparent structure to succeed if it were to become a unified combatant commands.
CYBERCOM’s designation as a unified combatant command center is currently up for debate in the fiscal year 2017 National Defense Authorization Act.