US Army Upgrades Cyber Protection Training

The Army's cyber protection teams are upgrading their training program to include a real-life, round-the-clock, cyberattack on a city port.

"There's a dearth of realistic training venues," John Nix, director of federal for SANS Institute, told FCW. "There are lots of cyber ranges, but they don't have those rich training scenarios where you have an adversary that is being emulated -- a real advanced persistent threat -- and they bang away at the Cyber Protection Teams."

A task force comprised of two CPTs will endure a weeklong, 24-hour-a-day training exercise, called the SANS Cyber Situational Training Exercise (Cyber STX), at the Indiana National Guard's Muscatatuck Urban Training Center in Butlerville, Ind., starting Aug. 20.

While far from the Army cyber team's first cyber training exercise, this is the first with a full-scale cityscape. The 45-acre facility offers typical metropolitan trappings, physical and cyber infrastructures and control systems -- water facilities, a prison, hospital and traffic lights. There's also an electronic warfare component, restricted airspace, and human interference, such as web queries, social media and email that teams must wade through to fulfill the mission.

"It's going to be where cyber connectivity and kinetic activity meet," said Ed Skoudis, co-founder at Counter Hacker and a SANS Institute fellow. He said the exercise's overall scenario involves hackers trying to gain control of construction cranes control systems to damage a city port.

Earlier versions of the exercise lacked industrial control systems. "This is the first real opportunity to exercise that cyber-physical in the similar environment as our nation's critical infrastructure," Nix said.

John Womble, Army Cyber Protection Brigade training officer in Ft. Gordon, Georgia, said the training exercise will be used as an evaluation tool to test if cyber operators are ready for combat. If all goes well, the exercise will create opportunity for the Army to expand beyond SCADA systems and simulate other network breaches, including election systems, power grids, and company networks.

The task force will face cyber challenges around the clock, Womble said, because "the enemy doesn't go to sleep so we can relax, so we have to train for that."

Womble couldn't disclose how many operators were on each team, but said the Army's goal is to push about 12 teams or two task forces through this training process each year going forward.

The goal is to get real-world feedback that gets operators "comfortable being uncomfortable" so they can "maneuver around different adversaries," Womble said, without naming the specific adversarial threats.

"If we can understand all the different possibilities in ways to gain access to the network, we can better protect the network," he added.

The exercise is the last for fiscal 2018 but Womble plans to do more in 2019 -- if the budget allows.

"If we have a budget for FY19, we're on a continuing resolution right now, so if everything goes well, hopefully, we'll have a budget" to do more, he said.

FCW:

You Might Also Read:

US Ready To Fight Hybrid War By 2030

« NATO Live-Fire Cyber Exercise
How Blockchain Can Protect IoT Devices »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Level39 (L39)

Level39 (L39)

Level39 is the world's most connected tech community, with over 200 tech startups and scaleups based onsite.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

RecoLabs (Reco)

RecoLabs (Reco)

Reco empowers organizations to discover their SaaS applications, identities, and data, control access and prevent the risk of exposure.

Cytidel

Cytidel

Cytidel is a vulnerability and risk management platform that utilises threat and business intelligence to help IT Security teams.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

RAD Security

RAD Security

RAD Security (formerly KSOC) is a cloud native security company that empowers engineering and security teams to drive innovation so they can focus on growth versus security problems.

Archipelo

Archipelo

At Archipelo, we empower organizations with Developer Security - to increase software security and compliance throughout the development lifecycle.