The U.S. and its allies face a regional dispute over territory claims with another major nation state. An increasing number of cyberattacks probe both the Department of Defense Information Networks (DoDIN) and U.S. critical infrastructure, successfully leaving millions without power and shutting down West Coast ports. The still-nascent forces of Cyber Command must prepare to support joint forces to de-escalate the situation or, if necessary, prevail if full-scale conflict breaks out.
This scenario played out during the last two weeks in June at the annual Cyber Flag exercise. The simulation piggybacked on the annual Cyber Guard exercise, which tests DoD’s ability to support civil authorities in the event of a domestic cyberattack. Cyber Flag, on the other hand, is a classic military exercise that tests participants to the point of failure because that is where learning occurs, Coast Guard Rear Adm. Kevin Lunday, CYBERCOM director of exercises and training, told a small group of reporters during a briefing on the exercise hosted at Fort Meade, Maryland, July 6.
“The purpose of Cyber Flag is for U.S. Cyber Command and our key allies – Australia, Canada, the United Kingdom and New Zealand – to exercise full spectrum cyberspace operations, [defend] our own networks, [and] also to support joint force commander objectives by integrating operations in cyberspace with simulated operations in air, land, sea and space in response to that joint force commander in the regional crisis scenario,” Lunday said.
“These exercises are not just a learning environment for cyber teams participating, but for commanders as well. Last year, we took roughly 40 of our staff and a majority of our teams and located them to the exercise location,” said Maj. Gen. Paul Nakasone, CYBERCOM Cyber National Mission Force commander.
U.S. cyber forces are already engaged in combat. This year, Secretary of Defense Ash Carter tasked CYBERCOM with complementing the global coalition that for two years has conducted air sorties against ISIS targets. This is CYBERCOM’s first operational test -- aside from daily defensive operations to protect DoDIN from roughly 43,000 attempted daily intrusions. The command as a whole is still working to fill out its ranks with 133 teams and generate capability.
During Cyber Flag, commanders steered participants toward learning tactics, techniques and procedures for common adversarial capabilities such as distributed denial-of-service (DDoS) attacks. In the past, participants may have simply blocked traffic, but for this game commanders focused on learning about the malware.
“Let’s be able to cordon off an element of the network to see the malware develop,” Nakasone said. “What’s the malware actually like…This is a maneuver force and we are a learning organization. So how do we learn? We learn based upon being able to replicate the threat and then be able to maneuver our forces to see what type of effect we can achieve.”
Troops also had to think critically about adversarial intent when facing DDoS or similar attacks like defacement of DoD websites. In some scenarios, these were distractions to shift attention away from the true intent: to infiltrate a network and exfiltrate data and plans. “The learning point there would be focus on what your key terrain that enables your mission, [what] your Department of Defense mission would be, and get [the adversary or opposing force] not in terms of a static defense of the network but maneuvering against an adversary inside cyberspace,” Lunday said.
The joint force relies on the ability to communicate seamlessly to conduct operations. As such, cyber forces during Cyber Flag worked to ensure the integrity of systems -- for example, an air operations center responsible for issuing aircraft tasking orders that, if attacked, could delay or inhibit employment of needed air assets.
The flip side is that cyber teams also conduct offensive operations. A joint force commander could order CYBERCOM to degrade an adversary’s command and control assets.
Commanders and participants also gained valuable knowledge working with coalition forces during the exercise. “Partnerships are increasingly important as we start to operate together within this domain,” Nakasone said. “How do our allies operate? How are they organized? How are they structured? How do they do their planning process? These are all elements that we’re able to see in a live exercise such as Cyber Flag.”
Officials said coalition partnerships and operational coordination will look exactly the same in cyberspace as they do in the physical. “The path we are on is that the same tried-and-true practices of military command and control, of synchronization of operations, of coalition operations that we have learned and proven themselves we bring into operations in cyberspace. Which makes sense if you think about how we will integrate cyberspace with operations in air, land, sea and space,” Lunday said.
Officials also stressed the importance of being able to train on a much more frequent basis than just annual exercises. “This is once a year. I need teams that can do this rapidly more than once a year, that can pull on partners, that have a distributed network, that have assessors, that have an adversary that is adaptable and is expandable to what we need to improve our readiness,” Nakasone said. “That’s the next step for us in cyber mission forces.”