US Army Upgrades Cyber Protection Training

The Army's cyber protection teams are upgrading their training program to include a real-life, round-the-clock cyberattack on a city port.

"There's a dearth of realistic training venues," John Nix, director of federal for SANS Institute, told FCW. "There are lots of cyber ranges, but they don't have those rich training scenarios where you have an adversary that is being emulated -- a real advanced persistent threat -- and they bang away at the Cyber Protection Teams."

A task force composed of two cyber protection teams (CPTs) will endure a weeklong, 24-hour-a-day training exercise, called the SANS Cyber Situational Training Exercise (Cyber STX), at the Indiana National Guard's Muscatatuck Urban Training Center in Butlerville, Ind., starting Aug. 20.

While far from the Army cyber team's first cyber training exercise, this is the first with a full-scale cityscape. The 45-acre facility offers typical metropolitan trappings, physical and cyber infrastructures and control systems -- water facilities, a prison, hospital and traffic lights. There's also an electronic warfare component, restricted airspace, and human interference, such as web queries, social media and email that teams must wade through to fulfill the mission.

"It's going to be where cyber connectivity and kinetic activity meet," said Ed Skoudis, co-founder at Counter Hacker and a SANS Institute fellow. He said the exercise's overall scenario involves hackers trying to gain control of construction cranes' control systems to damage a city port.

Earlier versions of the exercise lacked industrial control systems. "This is the first real opportunity to exercise that cyber-physical in the similar environment as our nation's critical infrastructure," Nix said.

John Womble, Army Cyber Protection Brigade training officer in Ft. Gordon, Georgia, said the training exercise will be used as an evaluation tool to test whether cyber operators are ready for combat. If all goes well, the exercise will create an opportunity for the Army to expand beyond SCADA systems and simulate other network breaches, including election systems, power grids, and company networks.

The task force will face cyber challenges around the clock, Womble said, because "the enemy doesn't go to sleep so we can relax, so we have to train for that."

Womble couldn't disclose how many operators were on each team, but said the Army's goal is to push about 12 teams or two task forces through this training process each year going forward.

The goal is to get real-world feedback that gets operators "comfortable being uncomfortable" so they can "maneuver around different adversaries," Womble said, without naming the specific adversarial threats.

"If we can understand all the different possibilities in ways to gain access to the network, we can better protect the network," he added.

The exercise is the last for fiscal 2018, but Womble plans to do more in 2019 -- if the budget allows.

"If we have a budget for FY19, we're on a continuing resolution right now, so if everything goes well, hopefully, we'll have a budget" to do more, he said.

FCW:
