By Mike Milord (Army Cyber Command)April 1, 2019
The Army and total joint force conducted Cyber Anvil, a Persistent Cyber Training Environment, or PCTE, event in mid-February at the Johns Hopkins University Applied Physics Laboratory in Laurel, Md.
As cyber warriors trained on a new network platform, this was also a time to provide feedback for evaluation and increased performance.
Hosted by the Johns Hopkins University and overseen by the Army's Program Executive Office, Simulation, Training and Instrumentation, or PEO STRI, Orlando, Fla., the PCTE brought together U.S. military senior leaders, joint forces and industry to forge the way ahead for persistent cyber training.
"Today is our first user event -- letting cyber mission forces train on the Persistent Cyber Training Environment platform for the first time," said Lt. Col. Thomas Monaghan, Product Manager for Cyber Resiliency & Training, PEO STRI. "We have elements from the Army, Navy, Air Force, Air Force Reserve, Air National Guard, Coast Guard, and Marine Corps, training, either here physically or dialed in distributively worldwide.
"This week, is a 72-hour exercise; all these units are here or dialing into training. They're doing different exercises in different areas. Also the general officer steering committee will receive a program office update on the training capabilities."
Monaghan described the effort as rapid prototyping.
"This is not the finished product -- this is the version B prototype," he said. "As we're building a working prototype, we deliver it to cyber mission forces -- they train with it, they execute missions on it, and then give us direct feedback so we can improve the system and make it better for them to operate as we move on."
While one of the major PEO STRI objectives is to get cyber training conducted on the working prototype, another goal is to test how well the platform performs to support the individual and collective training, said Maj. Josh Thomas, capability manager, Army Training and Doctrine Command, Cyber, Fort Gordon, Ga.
"Think of it as a load balance. If I put one team on there -- how well does the system perform -- what is the utilization of the software -- does it compute and have storage?" asked Thomas. "If I add three additional teams, what does that look like?
"We also have a technical operation that focuses on the health of the platform, both software and hardware, and how it's performing to support the training being conducted,' said Thomas. "We also have key stakeholders and those wearing the training manager hat today as part of the operating force. They're trying to synchronize all the activities while the teams are actually training on the platforms."
"We're trying to push PCTE to deliver faster because we know the capability where it's at today is capable of conducting the training, producing the training and we're trying to just show that to the joint force," said Navy Chief Warrant Officer 5 Jeffrey Fisher, the event manager. "The Navy's already using it. We're building training in it.
"We want the joint force to see it to get the Army, the Air Force and the Marine Corps to start working together to build training, have multiple scenarios and even train with one another."
The first day is a day for the teams to perform reconnaissance, checking to make sure the infrastructure is operational, said Maj. Matthew Weiner, cyber plans and programs, J6, National Guard Bureau.
"They're making sure all the checks and balances are in place - they're working and better understanding the network and better understanding what capabilities they have to go out and actually do the mission," said Weiner. "Tomorrow it will be a training mission essentially -- they go out and defend their networks against an adversary.
"I think the key takeaway from this is all the service components are here or connecting remotely into the system a prototype, a beta system running in an operational environment, providing real training value.
"To the left they're doing an exercise for a hunt mission. In the middle you have a Kibana (an open-source data visualization and exploration tool) and elastic skills builder training. There is also a capture the packet -- an individual training event learning how to look at packet capture, looking at different types of data, topography, net flow analysis, steganography, everything from just a very basic technology to identifying systems and malware."
He said the teams had a very broad range of capabilities and also there is a white (neutral) cell made up of one or two representatives from each software company providing a back end, an understanding to a common operational picture of how the environments are interacting together.
Working on the platform with the Blue, or defensive, team, Navy Lt. Theodore Falk explained the team's role.
"Today is the first day, a dry run," he said. "We're going into the range to validate what's on the map. We want to physically verify all the information so we have an accurate picture of the territory we'll be defending."
Johns Hopkins University Applied Physics Laboratory served as the provider of facilities and communications required to execute the first use event for PCTE for training and operations.
In general we are part of the Army program manager's team for PCTE," said Calvert L. "Triiip" Bowen III, JHU-APL program manager for cyber maneuver and Army cyber operations.
"In that role we're providing strategic messaging, strategic thinking, technical assessment criteria and evaluations and any other support that the program manager may need," said Bowen.
"This is really a great what we call DevOps (developmental operations) environment, where you develop a little bit, you put it in the operators' hands - they give you feedback. And you make changes based on their feedback and then the next level of development. And it's a cycle.
"These events are meant to be sort of this DevOps relationship, but all the while the force is also getting trained. They're not just testers. They're actually conducting training that's appropriate for their mission set."
While the Maryland lab served as the hub, forces from throughout the country were able to train, either onsite or remotely. The forces were comprised of Fleet Cyber, Air Force NMT and Air National Guard at JHU-APL; Air Force Reserve at Gunter Air Force Station, Ala.; the Army Cyber Protection Brigade, Fort Gordon, Ga.; Air Force Cyber at Joint Base San Antonio, Texas; Information Warfare Training Group, Pensacola, Fla.; Army CPB, MacDill Air Force Base, Tampa, Fla. and Fleet Cyber, Pacific Command, Honolulu, HI.
For more information, contact PEO STRI public affairs at 407-384-5119.