How the military is implementing cyber security training

Defence Online’s Ciara Houghton takes a look at how the military is integrating cyber security training as it takes on a growing importance in defence.

Technological advancements in recent years, alongside an increase in sophisticated attacks, have shown the need for cybersecurity training. Many military organisations are exploring the most efficient ways of securing a workforce that can maintain security across computer systems. The increasing use of IoT presents a number of opportunities for hackers and requires an entirely different approach to security compared to single computer systems. Many defence organisations are hoping to use similar technology to control large numbers of unmanned vehicles at the same time. After a number of large-scale cyber attacks on government organisations in recent years, cybersecurity has become a larger priority for defence.

Last year, the MOD opened a ‘cyber security school’ near Swindon. The Defence Cyber School is part of the Defence Academy in Shrivenham and will explore skills in line with the National Cyber Security Strategy Objectives. The centre aims to address specialist skills and wider education. It comes as a joint investment between the MOD and the National Cyber Security Programme. The MOD hopes to develop specialist teams to counter overseas attacks.

The MOD wants to develop ‘threat hunters’ to easily identify any nefarious activity. The British government’s National Cyber Security Strategy outlines plans to close the skills gap in cybersecurity, one objective is to attract more young people to the workforce. This includes making cybersecurity a larger part of training courses. The strategy criticises a lack of pathways into careers through training. In response, it calls for collaborative government intervention through different departments as well as academia and industry. The government is aiming for a ‘homegrown’ supply of cyber specialists.

In the US, the National Initiative for Cybersecurity Careers and Studies provides courses to educate and provide career pathways. This includes formal education as well as vocational skills. Training is online and accessible at any time. The training offers certification to ensure career pathways. The European Defence Agency (EDA) is aiming to develop its own courses covering a range of skill levels. The courses will be available to all member states. The EDA also offers ‘forensic’ cybersecurity, examining attacks after they have occurred.

The MOD has also emphasised the need to close the ‘skills gap’ and train existing staff. The government strategy explains the need for both short term intervention to provide a response to threats as they happen and long-term plans to create a workforce fully equipped to deal with any threats. The government has promised to create a ‘self-standing skills strategy’ that builds on capabilities already in the workforce.

The Cyber Defence Academy provides online training across the MOD to train staff in both specific skills and wider education. They have also encouraged collaboration across government departments and aim to ensure the MOD has access to cyber specialists. The US DOD Cyber Training Academy allows personnel to access online courses and virtual tools to improve their knowledge of security procedures. Managers can identify courses needed for the roles of personnel under their supervision. They can also approve course requests and monitor student progress. Through the academy, personnel can gain certification on courses and advance through the DOD or use it to stay up to date with cybersecurity procedures. Certificates available include Digital Media Collector, Cyber Crime Investigator, and Digital Forensic Examiner. The DOD hopes to encourage career progression among staff. The academy aims to establish Defence computer systems that are secure from counterintelligence, criminal and fraudulent activities and criminal and unauthorised use.

As well as training human staff, many Defence institutions are looking at the automation of computer systems to provide greater security. Many cyber attacks have become automated, creating a need for an automated response. As hacker’s techniques become more sophisticated, they could intercept a computer system and compromise it in minutes, much faster than even the most advanced cybersecurity infrastructure can respond to, meaning systems should pursue built-in responses. Recent attacks have used automation, infecting multiple systems within an institution.

Advances in AI and machine learning make it easier to automate processes. An IBM cybersecurity survey earlier this year found a need for greater automation in cybersecurity processes, with less than half of companies using the technique. The survey found that organisations responding quickly to cyber attacks save more money and information than those that don’t.  The US DOD Cyber Strategy released last year listed automation as a priority. The strategy details a plan to use enterprise solutions to operate large-scale data analysis to identify suspicious activity across systems. They aim to be able to compete with the capability of hackers armed with cutting edge technology.

Earlier this year the Pentagon warned that DOD cybersecurity was not keeping up with technology, but said that AI and automation had made some progress. The report emphasises the need to recruit more cybersecurity experts but added that this needs to work alongside automation to ensure systems are properly protected.

The DOD has created a programme to train military veterans for cybersecurity roles. This is mainly focussed on filling civilian cybersecurity roles, and also hopes to improve general national security in the US. US-based IT training firm CompTIA developed an apprenticeship programme directed at veterans and their family members. The apprenticeship offers certification through classroom-based training.

The US offers a number of cybersecurity apprenticeships to veterans through state authorities. CyberVetsUSA, a programme launched by Cisco Systems, teaches skills to veterans, reservists, national guard members, military spouses, and transitioning service members. The online training aims to fill the vacancies in the growing cyber workforce.

The British Institute for Apprenticeships offers qualifications to school leavers providing training in general cybersecurity and specialisms. These apprenticeships teach skills such as cybersecurity in ICT infrastructure, threat trends, and basic theory. These apprenticeships provide career pathways into wider industry, but the UK government also offers roles in national security. IT apprenticeships are available across the British armed forces as well as in government security. The RAF offers apprenticeships in cyber communications and cybersecurity, which give training alongside qualifications. The apprenticeship is open to personnel, leavers, reservists, civilians and veterans with technical skills. Cyber communications and intelligence apprenticeships are also available through the RAF.

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

The post How the military is implementing cyber security training appeared first on Defence Online.