Cyber warriors: The next generation
The cyber commands are planning to add thousands of new personnel. Where will they come from? And how will the services train them?
The U.S. military has always taken cyber operations seriously, dealing with constant scans, probes and attacks on its networks, dating to the early days of the Internet. But the breadth of the issue really hit home in 2008, following an incident that became known as “Operation Buckshot Yankee.”
An employee of the U.S. Central Command inserted a flash drive into a laptop at a base in the Middle East. The drive delivered malware, placed by a foreign intelligence agency, into the network and it spread unnoticed across classified and unclassified systems, exposing the data on those systems to servers under foreign control.
It was the largest breach in U.S. military history and prompted the Defense Department to dramatically remake its cyber defense strategy. That led to the creation of the U.S. Cyber Command, which went operational in 2010, and the creation or expansion of cyber commands at each of the military services. And the extent of cyber operations continues to grow.
In 2011 the Pentagon declared cyberspace a domain of warfare — in the same sense as land, sea, air and space — and the U.S. command and the service commands at the Army, Navy, Air Force and Marine Corps all are expanding their workforces. While some areas within DOD are seeing budget cutbacks, funding for cyber operations is increasing. The 2014 omnibus appropriations bill, for example, will more than double the Cyber Command’s funding, from $191 million in fiscal 2013 to $447 million.
Key to making the command work is training personnel, both uniformed and civilian, in the specific aspects, both defensive and offensive, of the complex theater of cyber warfare.
There is no one-size-fits-all for Defense Department cyber training. Neither is there one institution or organization that can meet all of the needs that are required to deploy well-trained front-line troops to defend DOD networks against daily attacks that number in the millions and carry out cyber warfare missions when necessary.
“Training today’s cyber professionals requires the use of a broad range of venues to prepare these personnel to operate in a technically challenging environment,” said Air Force Col. George Lamont, the director of training for the U.S Cyber Command.
For uniformed personnel, training is handled by their respective military services. All four of the military services and the U.S. Coast Guard train to high and increasingly common individual and joint operating standards, according to DOD. The Pentagon and its contractors, as well as the military academies and National Defense University’s iCollege, all play a role in ensuring a standard of skills and professionalism among the cyber workforce.
U.S. Cyber Command commander Army Gen. Keith B. Alexander in 2013 unveiled a new structural framework known as Cyber Mission Force (CMF) to manage the Pentagon’s expanding cyber workforce.
CMF has three forces, each with a specific mission. One is the Cyber National Mission Force that defends the nation from foreign adversaries in cyberspace. Another is the Cyber Combat Mission Force that supports the services’ combatant commands. Yet another is the Cyber Protection Force, which defends military networks and, when authorized, other infrastructure.
The training for CMF personnel, which is done by the military services, will continue well into 2015, according to information previously released by DOD.
“Cyberspace is becoming more important in the DOD,” said a department official who requested anonymity because of the sensitive nature of the work. “The new Cyber Mission Force structure of approximately 6,000 personnel will shape the way the services use cyberspace professionals as [the teams are] built over the next several years.”
Initial cyber training typically lasts several months, but advanced cyber training required to work in joint operational environments typically requires several additional months of training, Lamont said.
The cyber warriors that will not only defend networks at the national, joint and command levels but also conduct the defense and offensive actions that constitute cyber warfare need a wide array of technical skills.
These include basic IT skills such as server administration, engineering, technical support and knowledge management. It also includes more advanced cybersecurity skills such as information assurance, information security, network defense and certified ethical hacking. Network defense training comprises auditing, incident response, and infrastructure support.
“It is important to ensure we maintain joint, ‘common’ training standards so that all of our cyberspace professionals have the same baseline of skills necessary to operate in this complex domain,” Lamont said.
U.S. Cyber Command and the military services have developed joint cyberspace training standards that allow for the inclusion of existing approaches to cybersecurity and cyber warfare, and also allow for the development of new approaches as knowledge and needs change, DOD said.
4 phases of training
DOD has developed a four-phase training model to assist the military services in implementing common individual and collective training standards for the CMF, Lamont said.
The training model is composed of feeder courses that help military personnel obtain military occupation specialties for their respective services, foundation training built around specific CMF work categories, collective training for mission-oriented teams, and sustainment that keeps personnel abreast of changing needs and requirements.
“Our cyber professionals are constantly learning, as this domain and technology are ever-changing,” Lamont said.
The Cyber Command and the military services continually identify gaps that need to be addressed in individual and collective training through frequent discussions with subject matter experts throughout DOD and military services, DOD said. The DOD and services also identify gaps in cyber training through regular exercises, such as Cyber Flag, which is an annual joint, interagency exercise conducted at Nellis Air Force Base, Nev.
“There is nothing more vital to our mission of defending our networks than a trained and ready cyberspace workforce,” Lamont said. “Cyberspace has become an integral part of our interconnected world and our warfighting capabilities. Training never stops in this dynamic environment.”
That the military services are making a major push to strengthen cyber recruitment and training reflects the serious threats that cyberattacks pose not only to military assets deployed around the globe, but also to the nation’s critical infrastructure.
Schools for cyber
The military services recruit and train cyber warriors at designated cyber schools such as the one the Army runs at its Cyber Center of Excellence at Ft. Gordon, Ga., and the Navy operates at its Center for Information Dominance in Pensacola, Fla.
The 24th Air Force, which is the service’s operational cyber organization, officially opened its new headquarters in April 2013 at Joint Base San Antonio-Lackland, Texas. The 688th Information Operations Wing, a component of the 24th Air Force, facilitates the recruitment and training of the service’s cyber personnel.
Air Force cyber personnel receive initial training at Keesler Air Force Base, Miss. Officers are enrolled in Undergraduate Cyber Training, and enlisted personnel who will serve as cyber operators attend a Cyber Defense Operations Course, said Air Forces Cyber Public Affairs. Air Force cyber personnel also receive advance training at Hurlburt Field, Fla., where they are enrolled in an Intermediate Network Warfare Course.
Cyber operators receive training on their particular weapons systems at their mission locations, and also through a mix of professional civilian certifications in information assurance, computer security, network security, hardware and software platforms, and incident handling. The Air Force also administers recurrent training to ensure its operators are abreast of the most recent tactics, techniques, and procedures.
Military service personnel receive education and training in information operations, cryptology, and intelligence that enables them to attack, defend, and exploit intelligence information in the cyber sphere, DOD said.
The services carry out training for a number of positions for enlisted personnel and officers. For example, the Navy has cryptologic, information systems, and intelligence specialists’ jobs for enlisted personnel. And for its officers, the Navy has information warfare, cyber warfare engineer, and other specializations for officers.
For its part, the NDU educates officers from the services about technology aspects of cybersecurity and cyber warfare, as well as how to cope with situations which are not covered by training manuals or textbooks.
“What we do at NDU’s iCollege is cultivate the leadership perspective,” said Gil Duvall, chair of the Information Operations and Assurance Department at NDU’s iCollege. “This involves not only understanding technology, but also the command and control and decision processes that happen differently in cyberspace and the different types of people skills that have to be developed.”
Moving forward
The Army announced publicly in December 2013 that it was consolidating its cyber command operations, which previously were scattered in more than a half dozen government office buildings in the Washington, D.C., area to Fort Gordon. The Army’s cyber and network operations at the Georgia facility will be under the control of a single commander who will oversee a worldwide corps of 21,000 soldiers and civilians.
The Navy has a cyber workforce of 5,000 uniformed and civilian employees working at Fort Meade, Md., and also at U.S. Fleet Cyber Command/U.S. Tenth Fleet operational facilities and task forces around the globe. The task forces support combatant commands or joint force activities with expertise in cyber networks, information operations, electronic warfare, signals intelligence and space.
The Naval Reserve Officer Training Corps is able to boast that 85 percent of its scholarship midshipmen for 2013 and 2014 are enrolled in academic majors with a technical focus, the Navy told Defense Systems. Of those, 11 percent are majoring in academics with a direct application to cybersecurity and cyber warfare, such as computer science, computer engineering and electrical engineering.
As a sign of the growing importance of cyber study at military colleges, the U.S. Naval Academy announced in May 2013 that it had established a cyber operations major for the class of 2016 and beyond. In December, the Army graduated it first class of cyber network defenders at Fort Gordon.
“As we continue to understand the demands and roles of the cyber warfare community, we will work with our partner host schools to develop midshipmen who will lead the Navy into tomorrow's warfare landscape,” said Lt. Matthew Comer, a spokesman for the Naval Service Training Command.
In addition to recruiting through its ranks, the Navy wants to rapidly assimilate college graduates with cyber-related degrees from nonmilitary schools into its ranks through its cyber warfare engineer career field, Navy officials told Defense Systems.
NDU’s iCollege offers training to leaders ranging in rank from major or equivalent to one-star general or equivalent, Duvall said. He said iCollege routinely adjusts its curriculum to changes to policy and technology that occur at the federal level.
The institution uses case studies, modeling and simulations, and a cyber range to educate future cyber leaders, Duvall said. By applying what they are learning through these methods, students learn how to make the best decisions possible in cyberspace when they encounter new threats that develop under their watch, he said.
“We want to get our students to understand the cyber landscape to the point where they can be active thinkers in cyberspace,” Duvall said. “What we are trying to do is get strategic thinking that involves an agility of the mind to recognize when the cyber landscape is changing how you react to it.”