Patching Holes in Army Cyber Training
By Robert K. Ackerman
Experimentation is moving to the fore in cyberspace as the U.S. Army seeks to strengthen offensive and defensive cyber forces. This effort is complicated by the inclusion of electronic warfare in a realm that used to belong to signal professionals. With cyberspace maturing as a battle domain, Army experts are exploring cyber modeling and simulation as a key element of their new experimentation approach.
These activities are taking place at the Cyber Battle Lab, which is part of the U.S. Army Cyber Center of Excellence at Fort Gordon, Georgia. The lab, which works in concert with government, industry and academia to accelerate the development of cyber operations capabilities, focuses on priorities set by other Army elements. It has no shortage of work as the dynamic cyber realm poses new challenges constantly.
“The biggest challenge is keeping pace with the threat,” declares Dale White, deputy director of the Cyber Battle Lab. “Our adversaries morph and change very quickly, especially in the cyber domain, and the biggest challenge is … doing experimentation that delivers capabilities that address the threat that is evolving on a monthly or weekly basis.
“We’re not building tanks that will be good for 10 years,” he continues. “We’re experimenting with capabilities that address requirements that shift very quickly. So, we need to figure how to keep pace with the threat at the same time we can quick-turn solutions … into the force.”
The Cyber Battle Lab evolved from the Army Network Battle Lab, assuming the cyberspace operations and electronic warfare (EW) mission without adding personnel. For several years, the lab had people who understood only signal operations, but some of them were familiar with cyber and EW. Over the four years since that evolution began, the lab has improved its institutional knowledge so that it can benefit from the progress of the Army Cyber Center of Excellence.
Col. John E. Grant, USA, director of the Cyber Battle Lab, describes its work as being on the forefront of concept development and modeling and simulation as it examines how to replicate various cyber environments. He cites a team of contractors that brought expertise to the lab and is looking ahead to cyberspace conditions in 2025. The contractors have built on their intrinsic knowledge and are educating other centers of excellence about how cyber will affect the future fight.
Some modeling and simulation experts are investigating how to do modeling and simulation with cyberspace operations, he continues. The key to success is to ensure that modeling generates an accurate vision of cyber effects on current and future operations. “It gets people thinking about how [cyber] is a different domain that not everybody truly understands. But every time we grow questions, it makes everybody wiser in that domain,” Col. Grant says.
The lab’s experimentation is largely centered around requirements identified by Army Training and Doctrine Command (TRADOC) capability managers (TCMs). They have methodologies for looking at emerging cyberthreats from adversaries, and these shape their analyses of future developments, reports Lt. Col. Walton D. Zimmerman, USA, the Cyber Battle Lab’s chief of live experimentation.
Col. Grant adds that the lab’s modeling and simulation is purely for aspects of experimentation, not for training purposes. “There has been a distinct lack of capability of really replicating, in a modeling and simulation environment, the impacts of EW and cyberspace operations,” he declares. The lab is striving to learn the effect of an adversary knocking out an entire digital sector, such as email exchange or Internet access. He notes that Col. Zimmerman leads an effort to build an environment that would give the lab an accurate representation to allow experimenters to exercise against it. This in turn would help feed requirements development for associated TCMs.
“The research we are doing on behalf of the Army G-8 is creating the environment in which we can actually get good, quantifiable data that helps us better define the environment and the capabilities we need to successfully fight in it,” Col. Grant states.
The lab is investigating the integration of a localized cyber range with the simulation federation. It is considering whether this approach—establishing a cyber range surrogate—will help those who do not have cyber or EW models to federate, White says. He adds that the lack of cyber and EW models is well-known throughout the Army and the Defense Department, and it is a problem across both large organizations. It is a major gap that must be closed, he states.
Col. Grant says support for the TCMs is the lab’s primary mission, and they represent “the front edge of the battlefield.” The lab is tasked with finding answers to these problems, and it pursues its mission in several ways.
The lab works directly with the TCMs on defining requirements, and it analyzes potential solutions that help focus more tightly on requirements before a solution enters the acquisition cycle. The lab also seeks outside solution candidates from government labs, industry and academia, Col. Grant allows.
Col. Zimmerman elaborates that the TCMs review their own capability needs and rank them from high to medium to low. Their input on a requirement’s urgency enables the lab to establish priorities.
Col. Grant emphasizes that the lab works closely with the chain of command. “We do not operate in a vacuum,” he declares. “When something comes in, our first step is to bounce that concept off the corresponding TCMs to ensure it falls in with their priorities.”
In addition to the TCMs, the Army Cyber Command has its own set of focus areas where the lab can assist, “working hand in hand with the Cyber Protection Brigade,” Col. Grant states. “We’ve positioned ourselves to help both Army cyber and the Cyber Protection Brigade to work out and define the capabilities they feel they need to successfully accomplish the missions they are given.”
This work operates under the umbrella of the defensive cyber operations (DCO) maneuver baseline. The DCO capability falls under three different hardware configurations that the lab can modify as needed.
One of the key issues facing the lab is common across the Defense Department: how forces can operate in a contested environment in which spectrum may not be available or adversaries can meet or beat U.S. cyber capabilities. Horace R. Carney III, deputy chief of the lab’s Live Experimentation Branch, explains that meeting this challenge will entail leveraging technology to win in this type of environment.
The lab is focusing on several topics, which are outlined in its broad area announcement for Cyber Quest 2018. Cyber Quest brings together soldiers and leaders from across the Army and the research and development community to assess the latest cyber and EW technologies and concepts against documented requirements. The first exercise was held last year. Next year’s exercise will subject several Army elements to cyber effects amid operational realism, and it will seek solutions from government, industry and academia in a live virtual environment.
Other cyberspace interests for the lab include analytics, advanced sensors, DCO mission planning and offensive operations. In EW, the lab is pursuing tactical sensors, a tactical jammer and a brigade and battalion cyber electromagnetic activities (CEMA) management tool. For network and services interest, the lab also seeks assured transmission systems, unified network operations capabilities and Long Term Evolution (LTE) technology. It is interested in EW and cyber-hardened waveforms on two-channel radios, along with beamforming antenna technologies for current and future Army radios. Another key research area is how to operate in theater without being detected.
White notes that the lab supports the operational community in addition to the TCMs. Requests from the field often focus on whether the lab can provide a solution to a gap in cyber operations. While the TRADOC mission represents the bulk of the lab’s activities, operational support is a core competency, White says.
The diversity of the TCMs factors into the role that the Cyber Battle Lab must play. White relates that each TCM has its own area of deep expertise—cyber, EW and networks, for example. Because the lab covers all three components, it also must be deep and broad. This is reflected in the lab’s evolution. “The depth of expertise in the lab has grown from just signal to signal, cyber and EW,” White observes. “We’re a unique organization in that perspective.”
One fledgling process that shows promise employs a cross-functional team where acquisition, testing, requirements and operational forces all are a part. This approach would generate a more agile acquisition process, White offers.
A process growing in importance is Cyber Quest. The two events that have been conducted have demonstrated the value of experimentation, and White states that this approach needs to be sustained as a lab core competency.
Carney points out that in addition to validating experiment results, a separate process validates capabilities for transitioning to the force. These are two distinct steps, and the lab does not participate in the second validation. This is left to the TCMs and other Army organizations involved in the acquisition process.
The lab looks to outside sources to help with concept validation. Col. Grant notes that a relationship with Georgia Tech Research Institute taps its knowledge base to verify concepts. The Army’s Communications-Electronics Research, Development and Engineering Center (CERDEC) also aids with confirming approaches, as do industry partners.
Academia and the commercial sector help set the bar high for cyber capabilities and demonstrate the art of the possible. Carney offers that even if some technologies are not yet available, these sectors are working to bring them to reality. “The things that we thought couldn’t be possible you find people working on,” he says. “If we can leverage those things to help the soldier win on the battlefield, then that’s why we talk to those folks.”
And academia and industry can help enable rapid acquisition. Col. Grant says they are on the forefront of finding the next advances, and they are producing capabilities the lab can access through broad agency announcements and exercises such as Cyber Quest. “If we can rapidly get it ruggedized and operationalized, then it can get to the warfighter a lot faster than what the traditional [Joint Capabilities Integration and Development System] process does,” he declares. “That’s one way we can leverage commercial industry and how it comes into play, especially for rapid fielding and rapid development, that we just can’t do with the big Army machine.”
White says support for the lab is increasing because it is taking an Army After Next approach, referring to the 1990s initiative intended to produce a range of potential solutions for evolving future challenges. Requirements generation is key, and experimentation is necessary to provide needed analytical rigor. Accordingly, TRADOC has funded two Cyber Quests and focus assessments. “The future is brighter” for the lab, he declares.