US Army Upgrades Cyber Protection Training

Uploaded on 2018-09-05 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE--USA, NEWS-Cybersecurity News

The Army's cyber protection teams are upgrading their training program to include a real-life, round-the-clock, cyberattack on a city port.

"There's a dearth of realistic training venues," John Nix, director of federal for SANS Institute, told FCW. "There are lots of cyber ranges, but they don't have those rich training scenarios where you have an adversary that is being emulated -- a real advanced persistent threat -- and they bang away at the Cyber Protection Teams."

A task force comprised of two CPTs will endure a weeklong, 24-hour-a-day training exercise, called the SANS Cyber Situational Training Exercise (Cyber STX), at the Indiana National Guard's Muscatatuck Urban Training Center in Butlerville, Ind., starting Aug. 20.

While far from the Army cyber team's first cyber training exercise, this is the first with a full-scale cityscape. The 45-acre facility offers typical metropolitan trappings, physical and cyber infrastructures and control systems -- water facilities, a prison, hospital and traffic lights. There's also an electronic warfare component, restricted airspace, and human interference, such as web queries, social media and email that teams must wade through to fulfill the mission.

"It's going to be where cyber connectivity and kinetic activity meet," said Ed Skoudis, co-founder at Counter Hacker and a SANS Institute fellow. He said the exercise's overall scenario involves hackers trying to gain control of construction cranes control systems to damage a city port.

Earlier versions of the exercise lacked industrial control systems. "This is the first real opportunity to exercise that cyber-physical in the similar environment as our nation's critical infrastructure," Nix said.

John Womble, Army Cyber Protection Brigade training officer in Ft. Gordon, Georgia, said the training exercise will be used as an evaluation tool to test if cyber operators are ready for combat. If all goes well, the exercise will create opportunity for the Army to expand beyond SCADA systems and simulate other network breaches, including election systems, power grids, and company networks.

The task force will face cyber challenges around the clock, Womble said, because "the enemy doesn't go to sleep so we can relax, so we have to train for that."

Womble couldn't disclose how many operators were on each team, but said the Army's goal is to push about 12 teams or two task forces through this training process each year going forward.

The goal is to get real-world feedback that gets operators "comfortable being uncomfortable" so they can "maneuver around different adversaries," Womble said, without naming the specific adversarial threats.

"If we can understand all the different possibilities in ways to gain access to the network, we can better protect the network," he added.

The exercise is the last for fiscal 2018 but Womble plans to do more in 2019 -- if the budget allows.

"If we have a budget for FY19, we're on a continuing resolution right now, so if everything goes well, hopefully, we'll have a budget" to do more, he said.

FCW:

You Might Also Read:

US Ready To Fight Hybrid War By 2030

« NATO Live-Fire Cyber Exercise
How Blockchain Can Protect IoT Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.

IDCARE

IDCARE

IDCARE is Australia and New Zealand’s national identity & cyber support service. Our service is the only one of its type in the world.