One of the most important components needed in the coming years by the cyber operations community within the Pentagon is its own cyber firing range.
Leaders have pointed to parallels in the physical world, where infantry troops use a shooting range to improve marksmanship.
The Defense Department has tasked the Army with managing what is being termed the persistent cyber training environment. The PCTE will allow for both individual and collective training for cyber warriors that includes courses and full-scale, remotely disparate exercises.
While the Army is still working contracts here — albeit under expedited authorities — ManTech provided C4ISRNET a look at its PCTE offering during the Association of the U.S. Army’s annual conference on Oct. 10.
ManTech’s capability, which is based on an open-systems architecture, provides a learning management system that is common access card-authenticated and available 24/7, enabling users to log on from anywhere to take courses. It also provides the ability to stand up full-scale networks for team-based training or exercises. The company’s PCTE offering can facilitate up to 1,000 participants within a range.
“Each of these events are going to be designed for a particular purpose,” said Timothy Schaad, a program director with ManTech’s mission, cyber and intelligence solutions efforts. “If you’re looking to exercise your war fighters, they’re going to be working their mission set, they’re not going to do everything. They have a mission set, and they want to get good at that.”
Schaad noted that while there is really no formal definition for a cyber range, his working definition is “a concept of a mobile shoot house — you need to be able to come in and execute your behaviors in an operationally contested, realistic, constrained type of situation.”
To provide that realistic environment, ManTech has built in real internet traffic, not simulated, creating bots in the system to execute behaviors so there’s actual endpoint-level forensics. This way, if someone wants to see who or what machine did something, that individual can point to a particular IP address.
“We have virtual people bopping around writing Word documents,” he said. “All the forensics are all there. Whatever you’re looking to achieve, whatever behaviors you’re looking to elicit from those particular operators, it’s all there.”
Leaders also envision this training environment to be used for things like mission rehearsal. “I want to be able to replicate a network that I want to defend, or I want to be able to replicate an adversary that I want to hunt for within our networks, or I want to be able to replicate a network that I have to get into to create an effect for another commander,” Lt. Gen. Paul Nakasone, commander of Army Cyber Command, told C4ISRNET in August.
PCTE will provide the “ability to test our tools and our capabilities, but also the sustainment training amongst the team that’s really important for us,” Nakasone told reporters at AUSA on Oct. 11. “We see that as the piece that we have yet to focus on, which really is the collective training piece — when I say collective training, that’s the training of a squad, mission element, a team — that is so critical for us.”
ManTech — which has been providing cyber-range capabilities for nearly a decade to include the cyber range at the Defense Information Systems Agency and training for the Joint Regional Security Stacks — was surprised when customers started using its ranges for things like mission rehearsal.
“They use this on a daily basis, some of them, because they have figured out they can build out adversarial networks, work their [tactics, techniques and procedures], they can do their mission work-up. That was a surprise to us. We weren’t planning for that mission. It just emerged and we are able to support it,” Schaad said. “It means we built it right, to me.”
The mock network during the demonstrations, while resembling a Visio diagram of network features and applications, was an actual network, framed up like an enterprise with servers, firewalls and workstations with which one could interact.
On the back end, this network — or portions of the network — can be copied and saved in a repository to be used later if the Defense Department’s exercise planners ask for a certain type of network similar to one built in the past.
On average, setting up a network will take a handful of weeks, Schaad said, noting that it can depend on the scale.
Sometimes cyber protection teams might ask for a playground, which ManTech can provide as a self-managed tool. For other, more structured events, there’s usually a mission planner that will detail the objectives that the range must support.
“Every once in a while,” Schaad said, “they give us a science project and say: ‘We don’t know what the answer is, can you do it?’ ”
Nakasone told C4ISRNET that he anticipates in the coming year “as we start to take a look at what is the environment, we are going to develop where are we actually going to put this, what are the type of scenarios we are going to develop, how are we going to operationalize it.” He added that it has been fully funded for the fiscal year.
Schaad said the Army is currently using OTAs, or other transaction authorities, as a contract vehicle and a way to see what’s really the best out there.
“The Army has said: ‘Show us some prototypes, show us what this ought to look like. What should a cyber-persistent training environment look like?’ This is what we brought to the table,” Schaad said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.