Driving Innovative Thought in Cyber Security and Training
Speed of change and the scale of which network systems can be used against themselves pushes to the breaking point the ability to defend cyberspace. The foundation of change is at the education and training level where the cyber warfighters and educators construct the systems that can understand yesterday’s challenges and be ready for tomorrow’s.
Military Training International spoke with several leaders in the field for their perspective on the challenges, accomplishments and the paths forward.
Mark A. Parsons
Senior Instructional
Systems Specialist
Engility
In the ever-changing landscape of today’s cybersecurity threats, defending networks requires tactics as swift, adaptable and agile as those used by enemy attackers. The industry organizations responsible for preparing those who will protect our cyber systems must be adept in their skill and strategy—knowing how to strike a balance of being sensible and superior, of gaining intel and never losing integrity, and of mastering threat anticipation and excelling at threat analysis. To achieve this advantage, our operators must proactively learn the tactics of realistic cyberwarfare during training, enabling them to persistently prevent and protect against threats.
Our simulated training environments must be built with a combination of operational knowledge, technical expertise and in-depth understanding of the rapidly changing learning behaviors and delivery mechanisms that are best suited for the current and future generations of the cyber workforce. Industry is uniquely positioned to achieve this with its ability to:
Think creatively – Industry must marry a scientific approach/background with a savvy mindset to apply a fresh perspective to every challenge. What best practices, techniques and technologies are working in the commercial world that can carry over to our defense practices? How are consumers collecting and communicating information that impact how we could/should be teaching and training our servicemen and women?
Think collaboratively – Industry has the unique ability to research, develop and provide effective solutions through partnerships with other organizations, academia and information technology labs. We must also accept the fact that as the cyber world continues to expand and extend its reach into more and more of the critical infrastructure functions of our nation, and globally, it is requiring our military services and national defense leaders to work closely together—more so than they’ve ever needed to before. With an enormous need for common platforms and distributed training environments, cyberspace is a terrain that we all must work together to secure.
Think cost-effectively – Industry can automate processes and repurpose technologies to have multiple applications or support various functions. This enables a multiplier factor and can have a tremendous impact on efficient spending and ROI.
Think constantly – Industry training solutions must establish a means of facilitating rapid content updates, threat profiles and simulations to mirror threats encountered. We garner a better chance of quickly recognizing and addressing offensive threats as they occur if training and assessments are ongoing, consistently updated and always available.
Ultimately, keeping up with the changing space of cybersecurity requires a respect for traditional and agile tactics—such as training and deploying mobile cyber protection teams and cyber mission forces to harden systems and ensure system reliability—and a desire to defend with innovative new training technologies. Developing and implementing these technologies requires creative, collaborative, cost-effective and adept thinking— an approach that makes industry uniquely suited to serve.
Patrick Lardieri
Fellow for Cyber Solutions
Lockheed Martin
At Lockheed Martin, our advanced tools and unique cyber testing and training methods are providing realistic, live practice environments. These methods are tailored to specific organizations and users from elite cyber mission forces to system operators. Using our unique capabilities, Lockheed Martin has conducted more than one hundred cyber testing and training events for the Department of Defense. During such events, we have experienced and overcome two significant challenges to effective cyber training:
Developing cost effective evolution of training environments to keep a pace with system changes and evolving threats
Exposing and educating system operators to cyber threat indicators and warnings
Training configurations for stable systems, such as aircraft, can remain relevant for many years. However, cyber trainers have to adjust constantly to keep pace with substantial changes in systems and networks. For example, there are hundreds of legitimate variations for a typical server when considering the operating system, application services, and security tools. Each instance in a given network can change at different paces. Some users may receive email client upgrades with enhanced phishing detection weeks before others. The constant operational environment evolution requires rapid generation of training environments tailored to each organization’s specific needs in a few days to a few weeks.
Lockheed Martin developed an automated tool chain that enables us to deploy and reconfigure complex cyber environments in hours or days. Previously, in only five days, we tested and configured a complex, encrypted network of more than 10,000 nodes consisting of real OSes, network devices and network protocols in 25 configurations. Each configuration represented a possible operational deployment of different scale and security properties. Our ability to reconfigure the network topology and protocols automatically enabled us to cover the full set of possible cyber cases in a week. More traditional trainer approaches may take multiple weeks to months to shift between such highly varied configurations.
Lockheed Martin provides environments for cyber mission forces training. However, though important, they make up a small percentage of the service personnel who require cyber training. We also offer opportunities for live defender training during cyber testing events where we encourage programs testing on the range to provide operators and cyber defenders the opportunity to observe our cyber security evaluation teams conducting live attacks against the systems. This provides great exposure and education to attackers’ methods and the impacts they create. It also offers opportunities for operators to use their skills and defensive tools to develop indicators and warnings for various attacks. We push the operators to look beyond standard security logs and analyze aspects of their system’s behavior and performance under various attack scenarios. For example, in one test participants noted how specific instrumentation we developed would provide clear indicators of various denial of service attacks.
Lockheed Martin’s processes, capabilities, and expertise are enabling the military services and the Department of Defense to scale-up cyber training and testing services to meet the rapidly expanding demand for cyber warriors and resilient mission operators.
Dr. Rajin Koonjbearry
Senior Faculty in Cyber Security
Grantham University
Data breaches, system hacks and service interruptions are running rampant in our nation. These potentially serious security risks continue to increase, demanding a greater need for cybersecurity experts. University and colleges are struggling to develop an appropriate and successful curriculum in an ever-changing cybersecurity landscape. In a recent article in Cloud Passage, Mitch Bishop, Cloud Passage’s chief marketing officer, argued that most United States universities are scoring an “F” on cybersecurity education. The poor scores are attributed to the lack of clear definition of cybersecurity, inadequate curriculum and educational approach regarding cyber defense education.
In recent years, many universities have started offering cybersecurity programs using combinations of exiting courses from other programs. This approach was inadequate, as graduating students were ill-prepared for cybersecurity jobs. As a result of the lack of trained faculty in cybersecurity fields, attempts to develop new courses moved slowly. There are only a handful of universities in the United States which offer a terminal degree in cybersecurity and the graduation rates in cybersecurity has been extremely low. According to Secretary of Commerce, Penny Pritzer, this shortage is expected to last into the next decade. The demand for cybersecurity experts is expected to reach over 210,000 unfilled openings.
Recently, the United States government has become more involved in cybersecurity training. In 2015, during a visit to Norfolk University, Vice President Biden announced the infusion of $25 million by the federal government into cybersecurity training. This investment is a positive step toward developing adequate cybersecurity training. Due to the significant increase in data breaches and state sponsored cyber-attacks, the demand for cybersecurity experts is growing faster than originally expected.
One way to address the cyber security expert shortages would be to partner with United States Department of Defense, and other law enforcement organizations. These agencies have been on the forefront of the cybersecurity defenses and are intimate with protocols and tools used to defend and launch cyber security attacks. Many military and National Security Agency employees have in-depth knowledge of cybersecurity defenses; however, they do not have formal educational degrees or certifications and, therefore, are often overlooked by employers.
Grantham University has a dynamic and cutting edge cybersecurity program that can benefit ex-servicemen, military retirees and other employees from government agencies. The program, taught by instructors with doctorates in cybersecurity and with extensive military-related cybersecurity experience, uses the latest tools and technologies to allow students to “hit the ground running,” particularly for students with a military background. Such a partnership can help to fill many of the cybersecurity positions that have remained vacant due to lack of qualified personnel.
See more at: Article.
Reprinted from Military Training International, Nov 2016. Copyright 2016. All rights reserved.