New Equipment Training Collaboration Day UNCLASSIFIED FOUO Agenda
New Equipment Training Collaboration Day UNCLASSIFIED // FOUO
Agenda Purpose 1: 00 pm - 1: 05 pm Acquisition SME Welcome ACC-RI 1: 05 pm - 1: 10 pm Agreements Officer/ACC-RI N. E. T Way forward 1: 10 pm - 1: 20 pm Product Service Division (PSD) Director N. E. T Background 1: 20 pm - 1: 25 pm Deputy Product Manager/CPS PM DCO Program of Records (PORs) 1: 25 pm - 1: 50 pm PORs Assistant Product Managers (APMs) 10 minute break Persistent Cyber Training Environment 2: 00 pm - 2: 30 pm U. S Army PEO STRI Training Audience/N. E. T Methodology 2: 30 pm - 2: 50 pm Deputy Product Manager/CPS 10 minute break 2: 50 pm - 3: 00 pm Question Panel 3: 00 pm - 4: 00 pm Agenda Speakers Closing Remarks 4: 00 pm - 4: 05 pm Deputy Product Manager/CPS Industry Collaboration 4: 05 pm - 5: 05 pm SOSSEC Leads UNCLASSIFIED // FOUO 2
Purpose § Welcome Industry § Government & Industry Collaboration UNCLASSIFIED // FOUO 3
Welcome ACC-RI § Recognizes issues regarding procuring NET training in a timely and efficient manner. § Discussion Topic: How can the Government better incorporate NET training into its market research and solicitations? Can vendors support both supplying the hardware/software and the NET training? UNCLASSIFIED // FOUO
Welcome Product Support Division Director § Government Training Manager established to support N. E. T. § How do we innovate the N. E. T concept while still addressing Army Regulation (AR) 350 -1 guidance § Consider collaboration/version control technologies (Git Hub, Bitbucket, etc. ) to manage training content as code § Non-Proprietary training content is required UNCLASSIFIED // FOUO
Background § PM DCO: Identifies NET Capabilities § Net training for all DCO Programs of Record § Way ahead: § Integrator will provide integrated POI § High-level strategy and details written by TSP/Integrator § PM DCO will deliver fielding packages as part of fielding strategies § Net Training Methodology UNCLASSIFIED // FOUO 6
Program of Records § CPS § Kyle Tucker § George Pegram § CAD § LTC Peter Amara § Marquita Harris UNCLASSIFIED // FOUO
Assistant Product Manager Cyber Maneuver § Defensive Cyberspace Operations System Modular (DDS-M) § Program of Record System. § Integrator has developed training package for 2 day (operator) and 10 day (Master Gunner). § Integrator currently updating training package as software code is updated § Expectation § Take over documentation development and maintain updates as solution evolves § Develop and/or integrate a virtual instantiation into PCTE § Garrison Defensive Cyberspace Operations Platform (GDP) UNCLASSIFIED // FOUO
Assistant Product Manager Mobility Incident Handling § The DCO Tools Suite RDP defines the required capabilities that allow CPTs, RCCs, and other cyberspace defenders to perform DCO and cybersecurity tasks based on mission, threat, and/or directives. § All DCO Tools will operate on the Non-Secure Internet Protocol Router Network (NIPRNET), Secure Internet Protocol Router Network (SIPRNET), Defense Research and Engineering Network (DREN), and other designated networks. § Currently have 11 capabilities (Terrain Analysis, Vulnerability, Command Control, Event Correlation, Remediate and Clear, Network Visibility, Intel Support, Devsec. OPs, Threat Emulation, Forensics and Malware, and Industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA). § Current Training Model § Schoolhouse schedules § Various training methods § In Person online, In Person on site, Virtual, Simulation and Mission Focused UNCLASSIFIED // FOUO
DCO Mission Planning (DCOMP) § DCOMP is the lead system application integrator that is webbased, scalable, and a Warfighting capability for Army Cyber soldiers. § Allows commander to perform human resource allocation activities of their cyber soldiers for team mission setup § Mission execution framework that provides a real time, dynamic environment for cyber defenders to collaborate, plan, manage and execute DCO’s missions. UNCLASSIFIED // FOUO
Cyber Analytics & User Activity Monitoring (UAM) • Cyber Analytics: The CA capability offers interfaces and visualizations accessible by cyberspace defenders at all levels to facilitate counter-reconnaissance activities meant to discover the presence of advanced or sophisticated cyber threats and vulnerabilities. The cyberspace analytics capability offers an integrated platform that can be leveraged across all security enclaves (NIPRNET, SIPRNET, and JWICS) to enhance both Defensive Cyber Operations and Department of Defense Information Network (DODIN) operations • UAM: Software-based, scalable solution that proactively identifies internal risks associated with theft or misuse of critical, mission essential data. Assists with the establishment of the Army’s Insider Threat (In. T) Program that utilizes full-spectrum solutions to assess, deter, deny, defend, defeat, and evolve against the insider threat. Facilitates the ability to identify insider threats based on evaluation of policy violations and the capture of certain risk behaviors that rate the likelihood of an incident caused by a trusted insider. • Training will be delivered in a variety of methods and is dependent on the type of capability being deployed: § Onsite Training: Vendor provided as requested by the Unit or coordinated by ARCYBER based on Unit needs § Web-based Training: Available online via BDP; Updated as capabilities are enhanced or deployed UNCLASSIFIED // FOUO
10 minute break UNCLASSIFIED // FOUO
Persistent Cyber Training Environment Training Content Generation Amit Kapadia Rick Osborne 11 Feb 2020 PEO STRI / Pd. M CRT UNCLASSIFIED DISTRIBUTION STATEMENT A: Approved for public release: distribution unlimited. © 2019 The MITRE Corporation. All rights reserved. For internal use only. 11 February 2019
Purpose, Core Tenets & Axioms • Purpose: – Inform industry on the vision of Persistent Cyber Training Environment (PCTE), current capabilities, how the platform is being used across the cyber training continuum, and how to create and execute content. • Core Tenets: – Gov’t-led agile integration – Best-of-breed integration is in current, working state executing under limited training utilization for operational feedback – not a fully finished product – Platform Development Kit (PDK) codifies emerging platform baseline with initial layered reference architecture, technologies & evolving APIs • Axioms: − Focus on platform capability delivery to the operational force − Achieve vendor integration iteratively, incrementally vice big bang up-front − Employ agile methodology to incorporate operational feedback, fill gaps, manage dynamic priorities & increase enterprise platform capability breadth/depth DISTRIBUTION STATEMENT A 14
PCTE Agile Vision FOR Cyber Mission Forces (CMF) Need a High Fidelity, Persistent Training Environment to Conduct the Spectrum of Cyberspace WHO Operations THE PCTE provides a holistic, on-demand platform Enables end-to-end planning, preparation, execution & assessment across the training THAT continuum UNStove-piped, manpower & time-intensive training environments LIKE Provides a standardized platform with ecosystem of capabilities to shape, execute & re-use multiple training environments/scenarios DISTRIBUTION STATEMENT A 15
PCTE CMF Storyboard Train as You Fight: Challenging, Rigorous, Realistic, Repetitive Training DISTRIBUTION STATEMENT A 16
Key Features Core Competencies EVENTS View and create Events for team exercises and training. TRAINING Individual & team-based training in a safe & controlled environment CONTENT Author and manage all training content; create and manage VMs and networks. ASSESSMENTS Individual and team assessments based on Do. D readiness criteria ANALYTICS AND REPORTING Report on both individual and team performances and event metrics. MISSION REHERSAL Rapid creation of high-fidelity tailored environments for mission rehearsal ADMIN Administer individuals and groups in a multi-tiered organizational structure. PRODUCT TESTING Development of testing of new tools and capabilities for use by the Cyber Mission Force TECH OPS Performance monitoring of infrastructure, network activities, and resource usage. DISTRIBUTION STATEMENT A 17
Types of Content in PCTE Network maps used to deploy virtualized networks Pre-configured virtual machines with various operating systems and services used to build a network Descriptions of ‘Hardware in the loop’ assets used as placeholders in virtual networks within PCTE Collection of Training Packages that are presented to the participants of an Event Collection of Content Modules that are presented to the participants of an Event Collection of ‘tasks’, or questions, that an Event Participant must answer DISTRIBUTION STATEMENT A 18
Content App DISTRIBUTION STATEMENT A 19
Events App DISTRIBUTION STATEMENT A 20
PCTE Cyber Training Continuum Individual pre-scripted guided instruction using a personal virtualized network or machine Multiple users interact with a shared virtualized network to complete training / rehearsal tasks Mission-Specific Skill Building (Cyber PT) Individual Qualifications Mission Rehearsal Crew Qualifications Team Assessment Force-Level Exercises Cyber Flag DISTRIBUTION STATEMENT A 21
Event Creation Workflow DISTRIBUTION STATEMENT A 22
PCTE Content Creation - Define a Network Create a reusable network in the PCTE ‘Content’ app Create a ‘Network Spec’ using… 1) the wizard 2) from scratch or 3) an existing spec Configure and deploy your network Log directly onto the network and configure it / pre-populate it with tools, files, logs Once fully configured, save a ‘Clone Source’ of the network to re-use in training events DISTRIBUTION STATEMENT A 23
PCTE Content Creation – Create a Training Event Use your network in a training event Create a lab for individual users to follow guided questions and interact their own personal network Create an exercise for multiple users interacting with one network DISTRIBUTION STATEMENT A 24
NET Training Integrated Program of Instructions Tactical DCO Infrastructure Deployable DCO System Garrison DCO Platform Threat Discovery User Activity Monitoring Advanced Sensors Cyberspace Analytics Forensics + Malware Threat Emulation DCO Tools Mission Planning Integrator TSP • • • Technical Manuals Slick Sheets Classrooms Videos Distance Learning Persistent Cyber Training Environment Features given for every program 1 Program-ofrecord vendor delivers training package 2 Training package will be contractor -furnished equipment to the integrator 3 Integrator develops comprehensive training-and- development package (including course catalog for each program of record ) and program instructions for Soldiers UNCLASSIFIED // FOUO 4 Gunnery Tables Joint Qualification Requirements Students Deploy training plan to COMPO 1 -3, tactical, and RCC 5 Soldiers evaluated on course performance and level of proficiency
UNCLASSIFIED Who Receives NET Training MDTF CWSB ARCOG ACOIC DCO CPB 91 st NETCOM RCC DCO NET Operational Self-Development NET Regional Cyber Training Centers Trainer 1 Trainer 1 Operational Self-Development § Leverage existing RSTS structure § Centralized requesting, scheduling, and receiving training § Consolidated resources (classrooms, training aids, infrastructure) § Vendor independent UNCLASSIFIED // FOUO
10 minute break UNCLASSIFIED // FOUO
Questions Panel UNCLASSIFIED // FOUO
SOSSEC Membership is Required for COBRA Awards Benefits of Joining the SOSSEC Consortium ü Opportunity to perform work under seven (7) OTAs for the Air Force, Army and National Geospatial-Intelligence Agency ü Opportunity to build members’ business base by applying their technologies/expertise to meeting urgent Do. D requirements ü Simple, streamlined process to compete for Do. D work ü Average 60 days from requirements definition to award ü Flexible treatment of intellectual property ü OTA access to any Do. D user with approval of OTA customer Go to www. sossecinc. com and click on the JOIN NOW Tab to access the membership application. The process is simple and rapid. There is no joining fee, and the membership fee is $500 per year. Membership is open to Industry (traditional, nontraditional, small business), not for profit and academic institutions that share the values of the SOSSEC Consortium.
Closing Remarks § Thank you for coming!! Point of Contacts: Tracy Glenn: Tracy. j. glenn 2. ctr@mail. mil Rosa Johnson: Rosa. w. johnson 2. ctr@mail. mil UNCLASSIFIED // FOUO
New Equipment Training Collaboration Day UNCLASSIFIED // FOUO
- Slides: 31