Are we doing enough to secure modern DoD virtual training?

13

For much of the U.S. military’s history, live training has been key to preparing personnel for their missions. However, staging a live training event can consume significant physical and financial resources, from aircraft, ground equipment and ships to all the personnel involved. Plus, the risk of accidents resulting in damage to equipment, or worse yet, endangering personnel, can increase. That’s why the military started utilizing virtual training to provide many of the same positive benefits while minimizing the negative impacts of live training. These benefits, including personnel safety, readiness improvement and cost reduction, have led the military to take training a step further and utilize live, virtual and constructive, or LVC, training that brings together multiple systems using networking and even cloud capabilities. LVC training allows personnel not physically present at a live training event to participate virtually and through constructive simulations that inject battlefield effects (and simulated or constructed threats) into live systems. A recent example of LVC training is the Air Force’s investment in a common software architecture for its training simulators, creating the Simulator Common Architecture Requirements and Standards program. Also, the Navy, Marine Corps and Air Force are all looking to connect simulators and live assets to enhance air warfare training. Commercial off-the-shelf tech As LVC technology advances, commercial off-the-shelf technologies play an increasingly critical role. By leveraging the advances in commercially available IT, the Department of Defense can gain significant advantages, including reduced development and deployment times as well as the ability to reuse capabilities to gain significant efficiencies. Advanced server technologies and cloud capabilities can maximize reusability and rapid reconfiguration of infrastructure for numerous training needs. However, there are some major cyber-related threats and risks that LVC constructs should be prepared for. If left unaddressed, these threats and risks could disrupt the training of our military forces and ultimately provide an advantage to adversaries in the real battlespace. Cybersecurity There are major cyber-related threats and risks that apply to LVC training constructs. Much of the LVC information and data is classified. LVC utilizes Commercial Solutions for Classified, or CSfC, a National Security Agency program that leverages properly configured, layered solutions to provide adequate protection of classified data in a variety of different applications. CSfC capitalizes on industry innovation by using commercial off-the-shelf software and hardware products with commercial encryption to protect critical data. The Marines want to test all recruits for cyber skills The test provides another tool for talent management in an increasingly modern battlefield. By: Mark Pomerleau But there are still security risks beyond classification that need to be addressed. Here are some cybersecurity strategies to consider: Reduce the attack surface: Zero trust or white list segmentation can greatly reduce a cyber adversary’s maneuverability within an operational space in the event of an attack. Maintain an accurate and timely view of the threat landscape, segment access based on roles for devices, people and applications, and utilize security policies that are software-driven to support rapid changes based on threats and real-world environments. Build trust to mitigate risks: The DoD must be able to depend on the value chain of its hardware, software and services. Commercial off-the-shelf capabilities should be based on trustworthy systems that incorporate advanced technologies such as secure boot and run-time checks to build this trust. Identify and mitigate risks quickly: To keep up with evolving threats, an intent-based network can serve as both a cyber sensor and enforcer of security policy, leveraging artificial intelligence and machine learning to move at machine speed and counter advanced threats. Software-defined networks can also provide the ability to rapidly reconfigure given changes in real-world conditions or across various training scenarios. Manage compliance in the cloud: As LVC training operates partially within the cloud, specialized cloud security tools should be considered. That includes multifactor authentication, restricting application access, enforcing automated contextual policy-driven response actions, and implementing user and entity behavior analytics to protect against compromise. Use an effective cybersecurity architecture: An effective cybersecurity architecture, one that offers deeper visibility and intelligence, should enable the ability to detect and resolve advanced threats and speed responses to incidents. It should also enhance the capability to investigate forensic data so agencies can gain more knowledge from every attack and constantly improve cybersecurity posture. As the military continues to explore the use of LVC training and simulation, and blends real equipment and personnel with virtual assets, commercial off-the-shelf IT capabilities will enable high fidelity, speed and immersive training experiences to grow skills and develop proficiency for our military forces. By combining LVC with the right cybersecurity strategy, the DoD can securely achieve significant benefits in costs and efficiencies, as well as lower stress on existing systems, reduce wear and tear on operational systems, and decrease the chance of mishaps, which can occur using traditional live training. Building LVC capabilities on a sound IT architecture minimizes cybersecurity risk and ensures the mission is accomplished. Joe Beel serves as a defense industry strategist for Cisco Systems. He retired from the U.S. Navy as a captain, having served as a helicopter pilot, flying from frigates and cruisers, and as an acquisition professional.

Leave A Reply

Your email address will not be published.