The Army is looking to provide its units, commands and installations with new critical defensive cyber tools and platforms.
Col. John Transue, capability manager for cyber at the Cyber Center of Excellence at TechNet Augusta described several capabilities that the Army has already approved requirements for. These include, a garrison defensive cyber platform, a deployable defensive cyber system, cyber analytics, a defensive cyber tools suite, defensive cyber planning, a tactical defensive cyber infrastructure, a tool for insider threats and a tool for forensics and malware.
Many of these tools are suited more for the mobile and expeditionary force, though they can be used for larger installations. For example, on the tactical infrastructure side, Transue noted that commanders are often using mission command platforms that are susceptible to cyber intrusions and need to be protected.
But because the cyber landscape is evolving quickly, the equipping community wants to get tools to the force in real time.
“We are not committing to ‘This is the tool,’ and then we’re going to buy it to field to everyone. What is the problem set we’re facing today, what’s the best tool for it and let’s put it in the tool kit,” Brendan Burke, deputy program executive officer at Program Executive Office Enterprise Information Systems, told Fifth Domain.
Burke said the approach his office is using allows staffers to identify needs and pick the best of breed before buying. He pointed to the office’s Forge, where industry officials can test their cyber tools, as a chance to put their money where their mouth is.
“It’s not show me a PowerPoint of how you do it. It’s prove to me that your tool solves my problem. Okay it does? We’ll buy it, we’ll sustain it until the next one comes around. Then we don’t need it anymore,” he said.
The Army is also pursuing capabilities in advanced sensors, threat discovery and counter-infiltration, threat emulation and a defensive cyber development environment. Transue said.
In the future, Transue said, myriad devices will be connected at the tactical level through mission command platforms, internet of things and weapons systems. The Army will need advanced sensors to know what is happening on each.
This development environment will serve as a cyber armory for defensive cyber operators. Much like a physical armory houses the bullets and rifles for soldiers, a cyber armory will allow Army cyber protection teams to pick and choose which tools they need for missions. They will also provide the program office feedback on these tools to make improvements in the future.
Joe Kobsar, director of applied cyber technologies within the defensive cyber operations program at PEO EIS, told Fifth Domain that after receiving their mission, the defensive cyber soldiers will enter the armory, essentially a graphical user interface, select the tools they need and load them onto deployable kits.
Upon returning, Kobsar said the program team will gather metrics such as how much memory was actually needed and what type of storage was needed.
The service has also begun to embrace the idea of embedding developers alongside operators as a way to more rapidly create capabilities.
At Fort Gordon, offices have previously said that with the entire Army cyber force residing there – the Cyber Center of Excellence, the school house, the defensive cyber force in the cyber protection brigade, the offensive force in the Joint Force Headquarters-Cyber and Army Cyber Command headquarters moving there in 2020 – it creates an incredible synergy.
This allows for doctrine writers, requirements writers and the program staff to sit with the operators and pull lessons in real time.
Kobsar said on the program side, Army officials are also embedding personnel with the cyber protection brigade to learn how to sustain capabilities from a lifecycle management perspective.