ORLANDO, Fla. (April 11, 2019) — The future of cyber training is here, and the Army’s Product Manager for Cyber Resiliency and Training (PdM CRT) is delivering it faster than anyone expected. In mid-February, PdM CRT gathered cyber mission forces from all of the services to operationally use the Persistent Cyber Training Environment (PCTE) prototype version B platform for a concurrent, distributed collective and individual level training exercise from a command post at the Johns Hopkins University Applied Physics Laboratory (JHU-APL) in Laurel, Maryland. Training exercise CYBER ANVIL included elements of the cyber mission forces across the Navy, Air Force, Army and Marines as well as the Air Force National Guard and Air Force Reserves operationally aligned to support several combatant commands.
Personnel from Maryland, two sites in Florida, Georgia, Texas and Hawaii all connected to the PCTE working prototype. Many Navy and Air Force teams trained on-site in Maryland while Army personnel supported distributed execution remotely from Fort Gordon, Georgia. Marine and Coast Guard noncommissioned leaders attended the event at JHU-APL to evaluate the platform for future use of the prototype. In total, CYBER ANVIL encompassed nearly 100 participants across five time zones and seven distributed sites.
Collectively, these users—planners, operators, training managers, etc.—operated the prototype to provide operational feedback on the PCTE platform that enabled them to directly plan, prepare, execute and assess several cyber mission force training events across its lifecycle. Trainees accessed a cyber team hunt scenario and an elastic skills builder (ESB) individual threat hunting tool module, both developed by the Navy organically within the prototype, as well as capture-the-packet (CTP) external individual skills training content for forensics and traffic analysis.
“Show me what is wrong with the solution,” said Lt. Col. Thomas Monaghan, PCTE product manager, to a group of senior leaders from DOD visiting the event. Monaghan is product manager for CRT, which encompasses a portfolio of various products, including PCTE. “We need to go hard and go fast, with the users providing feedback every step of the way,” he said. PdM CRT is applying a developmental operations, or DevOps-based process, which differs from traditional processes that follow a rigid timeline and series of steps to achieve initial and final operating capabilities. Instead, the DevOps process connects developers from several vendors and the government engineering team in a very collaborative way to manage configuration updates and changes, and allows them to rapidly respond to input from the operational community to ensure platform relevancy.
Day One kicked off at JHU-APL with a remarkable buzz within the first hour. In the left corner, the hunt teams laid out the daily schedule to maintain a continuous presence in skill sets throughout the day. The team leader shared his screen while the team worked in pairs and called out notable activities to each other. Behind the scenes, the product manager team initiated monitoring with technical operations to compute, network and store. The hunt was on.
The Navy has been the advocate for these training solutions, and contributed the necessary content in this event for foundational cyber training. In the middle and right cubicle sections at JHU-APL, Navy and Air Force teams trained on the individual ESB and CTP training content. Across most DOD cyber ranges and training environments, quality content remains a challenge. Thanks to the dedicated efforts of Chief Warrant Officer 5 Jeff Fisher, from Fleet Cyber Command, the content developed by the Navy was imported into the PCTE working prototype and now is available for reuse by the collective joint cyber mission force.
To keep the PCTE working prototype running for the hunt, ESB and CTP training events, the PCTE engineering team used collaborative chat capabilities to respond to operator questions. This allowed engineers and users to share situational awareness related to the prototype’s overall performance and the status of issues. All operators accessed the platform through a virtual private network to maximize prototype availability and cyber mission force participation.
As a winter storm approached central Maryland and the forecast changed from rain to snow, Deputy Product Manager Liz Bledsoe let the team know that “there will be no snow days in cyber.” By the end of the business day, most local and federal governments planned to close for the following day. Undeterred, the PdM CRT planned for a contingency CYBER ANVIL operations cell in the nearby hotel used for billeting.
While the National Capital Region was shut down, the Orlando-based PdM CRT team plowed through the snow storm to provide cyber training to remote teams in Hawaii, Texas, Georgia and Florida. Hunt teams in Hawaii picked up where they had stopped the previous day. Starting in the afternoon, PdM CRT stayed online while Hawaii hunt teams went back and forth in pursuing the adversary. Hunt team training occurred without a hitch, and PdM CRT prepared to resume full operations the next day.
The third day resumed where the first day ended. Thanks to the staff at JHU-APL, the hunt, ESB and CTP training went full throttle. The Navy hunt team outlined its processes on the white board: Recon, Weaponize, Exploit, Install, Command and Control, and Action. Navy and Air Force teams continued ESB and CTP training. Air Force Capt. Nick Wolf, part of an Offensive Cyberspace Operations (OCO) team, was very pleased with the event. “The CTP training has value for OCO,” he said. More representatives from the Coast Guard, Army Cyber Command and the Reserve Component observed the training with great interest.
CYBER ANVIL was a healthy initiation for the prototype. The DevOps process is enabling PdM CRT’s utilization and ensuring relevancy of its rapid prototyping initiatives across a multi-faceted cyber mission force user base and mission sets. PdM CRT is expected to pick up the operations tempo of these unit-driven exercises, increasing the scope, size and scale across the services to rapidly battle-harden the platform in advance of its release. Another PCTE prototype event, CYBER VALHALLA, was held in March at JHU-APL, and gave OCO teams the opportunity to again test, harden and iterate the platform. The success of CYBER VALHALLA was another step forward for PdM CRT, which continues to refine the PCTE prototype in preparation for release of version 1.0 in January 2020.