By Capt. David Gasperson
335th Signal Command (Theater)
COVID-19 has transformed how Army Reserve units train throughout the country. For the U.S. Army Reserve's Cyber Protection Team 185, the pandemic has allowed them to employ their civilian experience to enhance their training during virtual battle assemblies.
Known as the "Cyber Knights," Cyber Protection Team (CPT) 185 Soldiers are security professionals both in and out of uniform. Since April, they've turned the challenges of working remotely into opportunities to enhance their readiness by using training and tools not available or accessible on the Army's network.
CPT 185 Operations Officer, Maj. Jared Hrabak said this remote training environment reflects real-world conditions for cyber Soldiers and allows them to use industry-leading tools.
"The ability to conduct training wherever is extremely beneficial," Hrabak said. "Remote working is very similar to being on a cyber mission as we would need to coordinate with others that may not be in the same geolocation."
Hrabak, a cybersecurity engineer as a civilian, said, "Working off the network, we're able to access a repertoire of cybersecurity tools that are out there for cyber professionals, many of which we use in our civilian careers."
Lt. Col. Blake Bryant, CPT 185's officer-in-charge, echoed this sentiment and said the training his Soldiers conducted during Virtual Battle Assembly has been invaluable.
"Virtual training is especially valuable to Cyber Soldiers because we're expected to operate within virtual environments," Bryant said. "Many of our Soldiers have a surprisingly advanced information technology infrastructure at their homes or through arrangements with their civilian work, which they have been able to incorporate into training that would not have been available in a traditional setting."
Bryant, an assistant professor of practice at the University of Kansas, where he develops cybersecurity curricula, said virtual training worked better than the unit’s previous in-person training events because they typically have Soldiers located in at least two different locations scattered across state lines during training weekends.
In August, during their most recent Virtual Battle Assembly, Hrabak, using expertise from his civilian career, contacted Cisco to host a Cyber Defense Clinic for the cyber protection team.
During that training, Soldiers participated in a "Threat Hunting Workshop."
Threat hunting is when computer security experts look for and root out cyber threats that have secretly penetrated their computer network. It involves looking beyond known alerts or malicious threats to discover new potential threats and vulnerabilities.
"The training allowed our Soldiers to work with an advanced set of integrated cybersecurity technologies and see hacking tools in action," Hrabak said. "They also gained hands-on experience defending critical data."
Sgt. Adam Smith, a host analyst from Arizona, said that the training during Virtual Battle Assemblies is the best he's received.
"As a student in an IT Master's program, I would argue that this has been the best training I have received so far," he said. "I have been learning about new tools and skills to improve my readiness to enter the cyber or IT industry as a civilian and be what the Army needs as a Cyber Soldier."
CPT 185 also built a "Boss of the SOC" challenge. A "SOC" is a Security Operations Center where cyber Soldiers monitor and analyze activity on networks, servers, endpoints, databases, applications, websites, and other systems.
Boss of the SOC is a blue team vs. red team capture-the-flag training event where Soldiers use programs and other tools to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment.
The challenge emulates how real security incidents look. The blue team members serve as the internal cybersecurity staff, whereas the red team is the external entity with the intent of breaking into the systems.
Master Sgt. Ruben Castillo, the senior enlisted leader for CPT 185, said that using these commercial resources not accessible from the Army's network increased the team's productivity and training value.
"Leveraging our Soldiers' dual status, commercial experiences, and resources, we've been able to train on current-industry cyber tools, cyber clinics, and training modules," he said. "Using collaborative platforms to exchange information and conduct training within the real-world cyber environment domain duplicates how we truly fight."
One important collaborative tool that the cyber protection team used during their Virtual Battle Assemblies is the Department of Defense's Commercial Virtual Remote (CVR) Environment.
CVR, at the moment, is accessible from the Soldiers' personal devices.
Through using the CVR and commercial internet, the cyber protection team has bridged a gap that often exists for Army Reserve Soldiers: a limited number of computers to complete training over a weekend and a network bogged down by thousands of concurrent users.
"We have benefited from the fact that every Soldier has a stable internet connection and a computer to work from to complete tasks and training," Hrabak said. "Sometimes, in a reserve facility, we are limited by computer resources or network downtimes. The ability to train wherever we are and not require the Army’s secure network is extremely beneficial."
According to Hrabak and others in the unit, working from home on commercial networks and personal devices has allowed them to train during the pandemic, save taxpayer dollars, and modernize.
"Virtual BTA cuts out travel time, expenses, and all but eliminates issues with accountability," Smith said. "It is convenient for briefings because on the CVR, it is easier to take notes on a computer than a green book. Furthermore, we can record video chats as a reference for an AAR."
Smith commented on the degree of personal liberty that virtual training gives Army Reserve Soldiers who often leave their families, traveling long distances for training.
"Soldiers are often conflicted between personal opportunities and duty. Virtual training can afford the opportunity to attend duty and pursue personal opportunities.” Smith said
Although Smith and others in the unit touted the benefits of working virtually, they acknowledged the need to meet together in person for weapons training, physical readiness training, and esprit de corps building.
They also said that they made adjustments after getting everyone on the CVR.
"When you have an open-door policy, how do you keep that policy in a virtual environment? How do you show other Soldiers that you are on a call and that maybe they want to be next in line?” Hrabak said.
To combat these new obstacles, CPT 185 set up multiple channels in the CVR allowing for greater collaboration and providing Soldiers access to leaders in the organization.
"We have been able to set up a general channel for our team, and we are all doing collective training or individual tasks with everyone's support," Hrabak said. "We also have a leadership section that is always on and allows the leadership to have an open-door policy. Soldiers can jump into that channel and discuss things that they need to address."
While drilling virtually presents new challenges, CPT 185's officer in charge is confident in his Soldiers' abilities to wield these tools as force multipliers for future hybrid or in-person training events.
"The feedback and mentoring our leaders can provide through online collaboration tools has contributed greatly to improving the team's collective knowledge, skills, and abilities as a whole," Bryant said.
"Previously, more experienced Soldiers could conduct over the shoulder training with those around them, whereas now, it is possible to accomplish the same or more with screen sharing and live demonstrations across limitless distances."