By U.S. Army Cyber CommandNovember 19, 2015
FORT POLK, La. -- The Army's pilot program to integrate cyber effects into tactical units took a major step forward with the participation of Army Cyber forces in the 1st Brigade Combat Team, 82nd Airborne Division's recent rotation at the Joint Readiness Training Center at Fort Polk, La.
The pilot was developed by U.S. Army Cyber Command to demonstrate cyber effects at corps and echelons below. The Cyber Support to Corps and Below pilot involves integrating cyber effects via unit training at home station, at the Army's combat training centers, and in support of real-world missions.
To support that effort, Soldiers from the Cyber Protection Brigade on Fort Gordon, Ga., augmented the 1-82nd's organic cyber defenses by filling highly skilled, low-density Military Occupational Specialty positions for the JRTC rotation. The CPB support allowed the brigade to defend its systems and networks against intrusions during the training.
The 1-82nd rotation is the second at JRTC that has included CSCB pilot efforts. Earlier this year, the 3rd Brigade, 25th Infantry Division completed a similar rotation with support from cyber elements.
The cyber Soldiers who augmented the 1-82nd for its rotation are part of a "proof of principle" to determine what people and resources the BCT needs to defend its networks, said Chief Warrant Officer 2 Larry Elrod, the senior member of the CPB element.
The CPB's support to the 1-82nd training at JRTC actually started at Fort Bragg, N.C., the BCT's home station. Elrod said CPB members traveled there to conduct pre-rotation cyber training with 1-82nd leaders, as well as to plan and synchronize efforts for operations at Fort Polk.
Elrod said his team's primary function during the rotation was to monitor the BCT's networks for intruders and issues and make recommendations to the 1-82nd about how to respond to incidents and harden networks against future intrusion attempts.
The intruder at JRTC was the 1st Information Operations Command's Cyberspace Opposing Force. The Opfor, based at Fort Belvoir, Va., is employed by JRTC to challenge cybersecurity during force-on-force training.
To the Opfor team the 1-82nd rotation was a routine training event that happened to be part of the cyber pilot, so other than trying some different tactics and procedures based on the level of cyber support the BCT had available, they didn't do anything different than for any other training rotation, said team leader Maj. Herb Holbrook. The major admitted that having the CPB supporting the 1-82nd made his team's task more challenging, but said the Opfor's aim was the same -- to help the BCT meet its training objectives by providing a "conflicted cyber environment" that allows the unit to detect, report and mitigate incidents.
Sgt. 1st Class Richard Miller is one of the two 17Cs -- cyber operations specialists -- who helped the BCT detect the Opfor's intrusions. Miller said he and his CPB teammates looked for anomalies in data, then worked with the 1-82nd elements responsible for reporting and mitigating any issues they discovered.
For example, Warrant Officer 1 Scott Wigge, information services technician for the BCT, keeps his unit's servers and networks running. Wigge said he worked hand-in-hand with the CPB team, who let him know if they saw something such as a suspected intruder trying to infiltrate his systems, log in, or create back doors, so he could disable bad accounts, conduct virus scans or take other actions. While the BCT already has the aptitude to protect its networks, the CPB provided additional assets that the 1-82nd hopes to further develop in its own cyber personnel, he added.
"We have some monitoring tools in place, but not what they (the CPB) have, or their knowledge. They bring a unique tool to the fight with their experience, to monitor our traffic and alert us to any issues," Wigge said.
Staff Sgt. Frederick Roquemore is assigned to the BCT as a 25D, a cyber network defender. He said the rotation and the ability to interact with the CPB team gives the 1-82nd an added opportunity to determine what cyber capabilities, personnel and training it needs. It also helps to define and develop tools to defend its networks and ensure the brigade commander has the network confidentiality, integrity and availability he needs.
"Creating tools, creating systems for hardening (the unit's networks); that all takes time," Roquemore said. "So it's good we're doing this exercise. Attack and response can happen quickly. It could be as simple as blocking an IP address. But what we have to do to prepare and harden takes time."
Elrod agreed that defending the BCT's networks and helping the 1-82nd to determine what tools it needs are important goals of the pilot. But equally important, he added, is helping the 1-82nd to develop cyber Standard Operating Procedures, battle drills and cyber defense plans, and to refine its reporting procedures to ensure incident information is shared with all unit elements that might be affected or involved in mitigation or prevention.
Because that goal of refining information sharing and reporting is such a vital part of the unit's cyber defense capability, Elrod said one of his team's first recommendations was that the 1-82nd create a Cyber Electromagnetic Activities working group. The CEMA brings together functions such as cyber, electronic warfare, signal, information operations, network technicians and intelligence to incorporate defensive cyberspace operations throughout the BCT's planning processes.
The information sharing that the CEMA working group provides gives the BCT a new capability to integrate cyber capabilities into its plans and better identify common issues and determine common avenues of approach to operations, said Chief Warrant Officer 2 Lance Noell, the 1-82nd's electronic warfare officer. For example, he explained, while electronic warfare is primarily concerned with devices that emit radio waves, "a cell phone is a radio in your hand, but it's also cyber."
"Future fights aren't going to be guns and bullets. They're going to be ones and zeroes," Noell said.
Maj. Joseph Owoeye, the BCT's signal officer, said that during a previous exercise he saw the "devastation" that can result when a unit doesn't have the adequate cyber support and information sharing that allows it to build a common operating picture.
"Ninety-nine percent of information dissemination now is digital, and protecting that critical infrastructure paves the way to victory," the major said. "If information dissemination is shut down, people can't be in the right place at the right time, doing the right things."
Capt. Kenneth Cress is a CPB cyber officer who served as cyber observer/controller for the rotation, tracking his CPB colleagues' actions and how they interacted with the 1-82nd's signal section and other warfighting functions. The goal, the captain said, was to identify friction points and generate discussion about what the BCT is already doing to defend its networks and should sustain, and suggesting changes or improvements.
Cress said the pilot will also help validate the 1-82nd's cyber staffing, to determine how many cyber Soldiers the BCT should have permanently on its team and what their Military Occupational Specialties should be.
Sgt. 1st Class Brian Rowcotsky, the other 17C from the CPB participating in the pilot, said his team also helped to refine and "fine-tune" the 1-82nd's networks and systems as they monitored them, and that the result is that "they (the BCT and the Army) can see how useful we are" to a brigade.
"I think it's the right direction to have these cyber defenders at the brigade level," Cress said.
The 1-82nd's commander, Col. Colin Tuley, agreed.
"Cyber warfare is critical to conventional warfare," Tuley said. "Being able to integrate these assets into the 1st Brigade Combat Team footprint is a tremendous step forward in building teams and capabilities that are required for our military forces. Being at the forefront of the fight, it is vital to have cyber at the brigade level."
The CPB participants said the rotation provided good training for them as well.
"The opportunity to be out here on the systems, on the network…nothing beats hands-on, on-the-job, on-the-keyboard training," Cress said.
"This is actually really good training for us; getting our hands on equipment in a real-world environment", Miller added. "I've really honed my craft here."
Additional CSCB pilot efforts include further CTC support and incorporation of increased cyber operations into the Network Integration Evaluation and Army Warfighter Assessment programs, a series of Soldier-led evaluations designed to integrate and rapidly progress the Army's tactical communications network.