Cyber Guard Exercise Points to Need for Persistent Training
By Jim Garamone
DoD News, Defense Media Activity
WASHINGTON, July 7, 2015 It’s an axiom in the military that “you train like you fight.” Another is “the battlefield is a bad place to meet an enemy for the first time.”
U.S. Cyber Command is expanding these truisms to the cyber domain, and the Cyber Guard exercise -- held June 8-26 in Suffolk, Virginia -- brought together players from the Defense Department, the Department of Homeland Security, the FBI, the Federal Aviation Administration, private firms and law enforcement to train to handle cyber operations and ensure all the players know each other and the capabilities each brings to the fight.
The exercise also included participation from U.S. allies, including the United Kingdom.
Speaking to reporters last week, Coast Guard Rear Adm. Kevin E. Lunday, the director of exercises and training at Cyber Command, said the exercise pointed out the need for a persistent training environment for the cyber domain.
The Cyber Guard scenario included a major earthquake in Southern California, with all the response that would entail. That was followed “by a series of what seem to be coordinated cyberattacks by a range of different actors that disrupt electrical power, both along the West Coast and the East Coast,” Lunday said.
Under the scenario, banks are affected, oil and gas pipelines and a major commercial port in the United Kingdom are disrupted, and Defense Department information networks -- across the department and across the services -- are attacked, the admiral said.
The exercise scenario included power outages, ATM failures, food shortages and other things that would happen as the result of a real cyberattack, including the intense media interest that would result.
The teams that form the core of Cyber Command’s front line participated in the exercise. “We’re employing the force while we’re building it,” Lunday said. “So some of the teams that were in this exercise are still under development – [they are] still being staffed and trained.”
Persistent Training Environment
Cyber Guard reinforced the contention that the U.S. government needs a “persistent training environment,” so all operators in the cyber domain can train together, the admiral said.
“[For] some of the teams, this is the first time they’ve ever done anything like this,” Lunday said. “What these teams really need … is to have a persistent training environment that we can do this kind of exercise in a closed, simulated network with a live opposing force. We need to be able to do that all the time, day after day after day, in order to be really ready for this, rather than just once or a few times a year.”
The persistent environment must include private-sector entities, he added, because private firms own or operate much of the critical infrastructure in the cyber world. Allied participation also adds to the realism, Lunday said.
The simulated environment -- a cyber range, so to speak -- is just one component of the persistent training environment, Lunday said. Another component, he told reporters, is a realistic scenario that allows teams to train in combating a range of threats, and another is providing the management and assessments of the exercises.
“Then the final piece is the physical locations that the exercise participants sit in, and then the transport layer that they connect into the exercise from,” Lunday said. “We can do that in a very distributed way from all over the nation, or even internationally, through a transport layer into the exercise environment.”
All these need to come together for a persistent training environment, the admiral emphasized. The Defense Department is working to build this capability, Lunday said, but also is building an interim capability.
“For example,” he explained, “by the end of this year, the core network environment that we used for this exercise, we will refresh that and build it out and enable teams … to connect in smaller, scaled-down, more - scenarios, and do more of that persistent, continuous kind of training that I'm talking about.”
(Follow Jim Garamone on Twitter: @GaramoneDoDNews)