WASHINGTON — As the U.S. Defense Department matures its cyber force and training, it wants greater visibility over the readiness of its teams and a more realistic training environment that replicates the entirety of the internet, including social media.
These two areas were the focus of the latest industry day for the Persistent Cyber Training Environment, or PCTE, which is U.S. Cyber Command’s online client that allows worldwide cyber mission force teams to connect and conduct individual and team training as well as mission rehearsal.
The Army is running the program on behalf of Cyber Command and the joint cyber force.
The Aug. 19 industry day specifically focused on what the PCTE program office is calling Cyber Innovation Challenge 4. Officials have said that Cyber Innovation Challenge 4 differs from its predecessors, partly because how the program office has matured and better integrated with the operational force at Cyber Command and the service cyber components.
The challenges are ways to deliver incremental capability to the training platform. They also serve as competitions to award contracts and layer new technologies onto the platform, oftentimes involving smaller, nontraditional defense companies. There were 78 companies registered to the industry day — 25 percent of which were new to PCTE competitions and cyber innovation challenges.
“What do I need from you? The two major areas we’re focused on today are cyber mission force assessment, which is improving our ability to assess our training of the force, and two, traffic generation. Increasing the realism of operating [in] the internet,” Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, told the industry audience during the remote event.
These two focus areas emerged from multiple discussions with Cyber Command and the service cyber components, officials said. Part of what is driving the greater need to assess the force and understand its readiness is new reporting requirements from Congress.
“The assessment functionally must be able to incorporate defined training standards which will enable USCYBERCOM to accurately measure and maintain team and mission readiness, which has become even more critical with the 2020 National Defense Authorization Act directing quarterly reviews of the cyber mission force’s readiness,” said Col. Tanya Trout, the outgoing director of the Joint Cyber Training Enterprise, which is the nonmaterial component to PCTE at Cyber Command. “Being able to demonstrate how we’re impacting readiness is the gamechanger.”
A staffer for the House Armed Services Committee said the quarterly assessment is set to be delivered along with the quarterly briefing on cyber operations, as mandated in a previous NDAA. However, due to the ongoing pandemic, the committee has been unable to schedule the briefing. The staffer added that despite not having the report in hand, the committee is encouraged to see the Pentagon has made progress in creating metrics to evaluate the cyber mission force.
Commanders also want a better way to see how their forces perform during training so they can review scenarios and modify it as needed.
Specific requests to industry include planning tools, a scoring engine, an assessment repository and data collection, analytics dashboards and aggregation, and external reporting.
“These capabilities will give commanders better tools to assess their force. Commanders will be able to look at data and assess individual … and unit readiness. These capabilities will also give training managers planning tools to meet commander’s goals,” Fogarty said.
Regarding traffic generation, Fogarty said there’s a need for forces to be able to operate across the continuum of the information environment, not just within a certain set of networks. These include friendly space, gray space — which refers to the neutral area of the broader internet — and adversarial networks (known as red space).
At air bases across Europe, networks are under attack. But cyber operators from around the world are on the case.
“The environment that PCTE replicates has to actually replicate the real-world environment,” he said. “We need a way to define, shape and record realistic traffic emulation capabilities that mirror real-world activities and terrain across the cyber domain. But also, very importantly, in the information environment, that includes social media because it would be very simple for us if all we had to do was worry about just the network. What we have to worry about is the entire information environment.”
The program office is now looking for host/user-based traffic activities, cyber traffic terrain, network traffic layers, information operations and social media layers, and traffic command-and-control dashboards.