DoD standardizing, synchronizing cyber training
Monday - 1/21/2013, 5:41am EST
Planning for the new joint training approach is centered at the Defense Information Systems Agency, but involves participants from across the military.
Henry Sienkiewicz, DISA's vice chief information assurance executive, said the objective is to train military members in the cyber field on standard sets of foundational cybersecurity skills that cross the boundaries of the individual military services, rather than just teaching them how to do one specific job at one time for one branch of the military.
"We're trying to converge the efforts so that we have an end state that fully supports the Joint Information Environment, so that we're able to have cyber platoons that are trained in a standard methodology, a standard way of behaving, so that we can use them in multiple ways," he told a gathering at AFCEA's Northern Virginia chapter Friday in Vienna, Va. "We want to make sure that they're all operationally focused and that there's a curriculum behind that. It doesn't do us any good to train someone up to be a watch officer and then move them into another environment where they're totally non-useful."
DISA is starting small, while it's still proving out the concept of joint cyber training. The organization is developing and piloting courses for five of the roles this year:
- Computer network defense analysts
- Server administrators
- Cyber defense auditors
- Network infrastructure specialists
- Information assurance compliance agents
DoD plans to expand the number of roles and revise the training to account for changes in technology and military missions in 2014.
Sienkiewicz said DISA is doing all it can to synchronize its training not just across DoD, but across the federal government in line with the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology.
"We are part of the federal government, but we clearly know that there are work roles inside the DoD that have no correlation to what NIST is doing. There is not much of a need inside the NIST framework for the attack and exploit side of the workforce, and we have that," he said. "But we're trying to adhere to (the NICE framework) as best we can so that when we have a federal employee, that employee can move from agency to agency and we know they've got a common training reference that goes across the entire environment."
Dedicated time to study
Sienkiewicz said DoD also wants to standardize and institutionalize the process it uses for training cyber professionals. Rather than telling cyber experts to fit training into their day-to-day schedules, DISA envisions a process that works similarly to the way the military handles readiness in other fields. Forces would be cycled out of their day jobs periodically so they'd have dedicated time to study and train.
"We've all suffered through the idea of retraining our workforces and dropping new equipment in without taking into account the manpower and time cycles that are necessary to inject new training inside the environment. But if you look at our in-the-field compatriots in the military services, they already understand how to do that," he said. "You cycle units through, you get them in a reset mode, you get them ready, and you put them available for the force structure. We've got to be able to do that inside the cyber domain, and we've got to be able to track it."
And once DoD can track the cybersecurity readiness of its forces, it also could tell who's up to snuff and who's not. Sienkiewicz predicts commanders soon will be held accountable for the cyber readiness of their forces in a way they've never been before.
"You'll know we're serious if you start seeing flag officers getting cited on (fitness reports) or being removed from command if they're not ready," he said. "I suspect that day is coming along quicker than most people would expect. Until we see that readiness cycle and the troops really understanding how important this is, we really won't achieve the necessary ends."