Panel showcases talent, provides glimpse into Army cyber operations
By Joe Lacdan October 23, 2017
WASHINGTON -- The Army Cyber Command is recruiting a variety of cybersecurity talent from industry, government and academia to bolster the service's cyber teams.
In an effort to showcase that talent and offer a glimpse into cyber operations, Lt. Gen. Paul Nakasone, ARCYBER commanding general, hosted a panel of specialists from cyber protection teams, the 780th Military Intelligence Brigade and the Cyber Protection Brigade Oct. 11 at the Association of the U.S. Army Annual Meeting and Exposition.
Army Cyber Commands' units include both Soldiers and civilians from diverse backgrounds in cybersecurity and intelligence. The panel featured 1st Lt. Alvaro Luna, a tactical offensive cyber ops planner; Staff Sgt. Scott Stappenbeck, tactical cyber ops team member; Capt. Sean Eyre, a network defense lead; Maj. Josh Rykowski, a cyber protection team lead; Vince Walker, a target analyst; and Nakasone.
Luna, a Fairfax County native, is part of an Army pilot program to integrate cyber into tactical fighting formations. Walker is a Department of the Army civilian who has worked in cybersecurity for three years. Rykowski and Eyre are members of the service's only defensive cyberspace unit at Fort Gordon, Georgia.
Currently 41 of the Army's active cyber protection teams are operationally controlled by U.S. Cyber Command. The teams are generally 80 percent military and 20 percent civilian. Nakasone said an additional 11 cyber protection teams will be built from the Army National Guard and 10 from the Army Reserve.
The additional teams will bring additional capacity as Cyber Command continues to build its capabilities to combat online threats.
"When we built our teams, we knew that we wanted to have longevity in some positions," Nakasone said. "Having 20 percent of our force be from the Department of the Army civilian work core was important for us just because we knew there was a stability there and an experience there. That was an important piece of building our capabilities over time."
Nakasone said it was a priority to hire team members who could remain at the position for an extended period of time and handle the work hours required.
Team members discussed the importance of education and working closely with company commanders so they are aware of their options and capabilities.
"I would say the No. 1 challenge is the educational piece," Luna said. "Making (the commanders) understand what we can do so they have a plethora of choices to what they're doing on the battlefield. We're just adding one more tool."
In order to combat a threat, Luna said that cyber operations planners must carefully study their primary environment. He said situational awareness of a particular location -- knowing the type of router, switcher or type of network infrastructure -- is crucial to understanding a particular threat.
"There is no magic button that it takes to come on time and access and understand the environment that you're working in," Luna said. "So if you understand that environment, then we can tailor certain effects."
"Our team has had high operational tempo," Rykowski said. "…There's definitely a wide range of missions for us to conduct and just coming into our own as a brand new brigade, brand new unit, brand new domain -- we're trying to get our capabilities out to customers as well and to ensure they understand the capabilities that we provide."
Rykowski said that the cyber protection teams' tool kits provide members with the capability to defend against online threats, while allowing the flexibility to adapt and adjust to the characteristics of the adversary.
"We can reconfigure it on the fly," Rykowski said. "So when we do that mission analysis, when we receive the first mission and we sit down and try to think through what capabilities we need to bring to bear based on the potential adversary that we're hunting, we can set those capabilities up ahead of time … While we connect our kit directly to the network, we have defenses within the kit to ensure that we ourselves do not get exploited if the adversary is still in the network."
|Join the GlobalSecurity.org mailing list|