Cybercom’s training platform adding more complexity for realistic scenarios
U.S. Cyber Command wants to increase the complexity of simulations and actors within its premier training platform, integrating more multidomain scenarios into practice as malicious cyber activity grows more sophisticated and cybersecurity becomes more ingrained in military planning.
The Persistent Cyber Training Environment (PCTE) is an online client that allows access to Cybercom’s cyber mission force from anywhere in the world for individual or collective training and mission rehearsal. Since its inception in 2015, it has been managed on behalf of Cybercom and the joint cyber force by the Army’s Program Executive Office Simulation, Training and Instrumentation.
Before the introduction of this range, cyberwarriors lacked a central place to hone their skills and train as a team on par with physical domains, such as the National Training Center at Fort Irwin. One of the most important aspects of the platform — now in version 7, with version 8 approved for release — is mission rehearsal capability, allowing teams to practice operations in realistic instances of the threat environment in which they encounter unexpected circumstances and can refine their responses before a real crisis unfolds.
“The changes we make in the next couple of years [are] really going to impact the future of how we do operations,” Mike Hudson, deputy for training and exercise and J7 at Cybercom, said last week during the annual PCTE user forum, a two-day venue for the program office, Cybercom and users to come together to improve the system.
“Malicious cyber actors are difficult to observe and attribute. We’re thinking about how they’re getting in the network, how they’re hiding in the network, how they’re surviving in the network and how do we find them? We’re building that complexity in the PCTE today,” Hudson said. “The PRC, People’s Republic of China, and the Russian Federation have integrated cyberattack capabilities in the military planning and operations to gain advantage during crisis or conflict. In addition, Beijing, Moscow and Tehran increasingly use social media and state-sponsored disinformation sites, both overt and covert, to shape narratives and sow confusion.”
While the platform has always been good at allowing users to create scenarios they need, according to the program office, as the number of features and users grew, the platform has gotten more and more complex.
“As we started training folks, we started with an environment. Not a very complex environment, but it’s gotten more complex over time,” Hudson said. “Then we started thinking about how we build in the intelligence into those events … Then we built intelligence in the right language and then as users started getting more proficient in how they exercise in these environments, they were like, ‘OK we can speak the language, we can see it, you didn’t make it hard, but it’s gotten more complex over time.’ Now we actually have the capability with PCTE to build all of those different things in and make it really hard on our operators.”
The program office is focusing on usability to ensure users can harness the platform to recreate more complex training scenarios.
New features such as “Rapid Range” simplify the range-building process with an easy-to-use drag-and-drop interface, a spokesperson told DefenseScoop.
“PCTE is our training environment for the joint force and it helps us stay ahead of the curve and anticipate these threats,” Hudson said. “The agile training environment enables flexibility, rapid adaptation of new techniques. PCTE has the capacity to integrate the latest cyber tools, tactics, adversary simulations, ensuring our forces train against the most up-to-date scenarios across all three classification levels. This adaptability is critical. Our adversaries are constantly innovating. Yesterday’s defenses are tomorrow’s vulnerabilities.”
The cyber domain poses unique challenges given its global nature. Effects can be planned or felt far from the geographic location of an actual tension, conflict or hostilities and multiple actors can join the fray at once.
Cybercom and the program office have sought to use exercises and other training events to add that increased complexity to the platform to provide cyberwarriors the realism they would likely encounter in the real world.
In one recent example, the command looked at Russia and how to engage in that theater while, at the same time, defending an attack on the homeland.
“How do we approach this from multiple different fronts and then, oh yeah, what are the Chinese and the Iranians going to do when they see that we’re engaged with an adversary in a different theater? Come right in the back door,” Hudson said. “We think about building all of those things into an environment where we can actually train highly skilled folks to engage — it’s critical, critical that we continue to capitalize on PCTE.”
Mission threads and threats included in the environment to test cyber warriors include zero-day exploits, artificial intelligence-driven attacks, ransomware, social engineering tactics and the proliferation of connected devices that allow adversaries to have a large attack surface for exploitation.
From a military standpoint, officials are also worried about how adversaries might use social media to coerce personnel, monitor troop movements and exploit military and intelligence networks to compromise U.S. defense industrial base networks to steal weapons system technology and attempt to compromise U.S. critical infrastructure.
The team is now able to put live adversaries and the malware and tactics they use into the platform for very realistic scenarios.
“If they can fight a blue force on a red force in that type of environment and we mimic the type of networks that we operate on every day, that’s how we train highly skilled operators,” Hudson said. “The global cyber threat landscape is indeed unprecedented in complexity and scale. We’ve seen that, we see that every day as we use PCTE.”
A spokesperson said Cybercom has expanded auto-opposing force applications so users can practice working against a live adversary without bringing in real people to play the part.
More and more organizations are requesting access to the platform to train their personnel, Hudson said.
“We’re getting requests every day from all the different combatant commands – not only the geographical combatant commands but the functional combatant commands. [Transportation Command is a] critical, critical user of our capabilities in Cybercom,” he said. “As we train and we start building in scenarios, we’ve got to think about all of that.”
Cybercom, as a military organization that also conducts cyber operations on behalf of other geographic and functional combatant commands, is also working to include more multidomain scenarios into the platform at the behest of its Australian partners.
“I think it’s an extremely critical component of how we do deconfliction, how we integrate with the other combatant commanders in the other theaters, those in charge of other domains, who’s running the fight, we’ve got to get to that complexity and being able to build all of that into an environment,” Hudson said. The Australians are “pushing us hard to think about is it a plug and play with PCTE, how do we integrate PCTE, do they build that capability into their” environment.
Hudson also noted that there needs to be some level of interoperability to see across all of the domains while exercising and doing collective training, especially as the organization is thinking about what’s going to happen in the next few years with China and other bad actors in the background.
“I think it’s a critical component we integrate multidomain and I really appreciate you guys pushing us a little bit faster than we’d like to go,” he said of the Australians.