11 November 2016

DoD looking at alternative methods to train hackers

November 8, 2016

DoD looking at alternative methods to train hackers

As the military steeps itself deeper into the realm of cyberspace domain, leaders are realizing that they must modify existing practices. Hackers and IT workers have always been associated with hoodie-wearing teenagers sitting in their parent’s basement, but now the military is building its cyber forces, which recently reach initial operating capability. The effort requires training traditional soldiers to become “cyber warriors” with intimate technical knowledge, and as such, the Pentagon is undertaking a series of pilots and prototypes to better understand learning practices and teach cyber skills.

These prototypes are “designed to understand the best learning practices to teach someone the cyber effects skills that we need in the department,” both offensive and defensive, said Frank DiGiovanni, director of Force Training in the Office of the Assistant Secretary of Defense for Readiness, who is spearheading the pilots. “So these aren’t training courses but the intent is to prototype different types of learning practices so we can get the” best approach to teach people this new skill set.

In an interview with C4ISRNET, DiGiovanni explained that the purpose of this training prototype is to develop better training programs by improving the way information is taught. He said the Defense Department is in a competition with the private sector to attract and retain top talent in the cyber field. “Really what this course is doing is are there efficiencies -- can we improve the speed as well as the level of competence of our graduates?” he said.

Part of the course was modeled after interviews DiGiovanni conducted, initially, with 21 of the nation’s top hackers, whom he asked one simple question: If you were going to hire someone to replace you at your company, who are you looking for?

DiGiovanni said the answers he received from these individuals was a set of traits; not technical traits, but personality characteristics. “I wanted the learning practice to understand that person they needed to recruit and then the learning practice would amplify those traits in the individual as they went through our training,” he said.

In public appearances and several interviews, DiGiovanni has said there are only about 1,000 individuals in the nation that are qualified to operate at the top levels of hacking DoD is interested in. Based on his research, he said there seems to be a coalescence around approximately 1,000 individuals in the country – both in the public and private sector – that are referred to as a master hacker. “These are not your journeymen, but master hackers that have very high end skills when it comes to being able to look at an operating system or a network and find the vulnerabilities that we need to find to protect the cyber infrastructure,” he said. “These are very high end people.”

It’s important to understand who these folks are, he said, in order to attract them to DoD. “What are their traits, how [you] identify them and how [you] help them to amplify those traits and skills,” he described as one of the pillars of his cyber training prototype.

The prototype is designed around six months of very focused set of curricula, he said. Based upon research he has done and experts he’s spoken with, DiGiovanni said high level skills can be taught in six months.

DiGiovanni has described this in the past as taking cable pullers to cyber warriors in six months, including anecdotes of cable pullers from Fort Meade that went through the program. One individual, he said, did not understand what a right mouse click was on day one of the course, yet by the time they graduated six months later, they were able to reverse engineer malware, he said. Another set of cable pullers to go through the course beat a team of individuals all with computer science degrees in capture the flag.

“The learning practice that we put in place…has proved to be very effective in teaching what we believe are not necessarily STEM skills but actually a trade. It’s a trade or a skill it’s not necessarily an academic pursuit,” he said. “The learning practice is really designed to say how do people who hack, how do they learn?”

He noted how very few top hackers have computer science degrees, adding that most of them are self-taught with a high degree of curiosity. DiGiovanni called these individuals auto-adaptive learners, “which means they have an intrinsic motivation to learn and they learn on their own. So the course is designed to understand that particular attribute of people in this community of practice.”

DiGiovanni also described two key drivers for beginning this reevaluation of training. The first relates to the transition of cyber training courses from U.S. Cyber Command and the NSA to the individual services. “Part of the course was to look at in this transition between this kind of centralized training that’s being done under the offices of NSA and Cyber Command to the services, we should take a look at the learning practices as a transition and make sure what we’re doing relates to the state of the art best practice s for teaching this skill set,” he said.

The second impetus was to try to leverage the world-class training being done at DoD and improve it to make “our margin of capability greater,” he explained.

While the cyber mission force has already reached initial operational capability and is slated for full operational capability in 2018, DiGiovanni said there are no plans to increase the workforce, which officials put at 6,200 individuals. He added that while the force is where it needs to be right now, the prototype is more forward-looking as opposed to focused on the current force.

“A lot of this is making sure that we do the best that we can in the initial training to get people that are very close to being combat mission ready. They still have to be taught the specific things they’re going to be doing in their mission set,” he said. “The raw product that’s coming to the services or coming to NSA or coming to Cyber Command…those folks are coming fairly proficient, which means that that minimizes the sped up time necessary when they get to their operational mission to be able to execute the mission.”

In terms of what’s next for the prototype, DiGiovanni said there might be one more prototype run in addition to the previous two, but nothing is firm right now. They are developing what he called a blended learning approach, which involves in-person learning with a mentor and will help scale the course. They’re also having conversations with all four services, NSA and Cyber Command for how to take lessons from the two prototypes and weave them into the practices that are being performed by those five or six agencies. “That’s kind of the way ahead,” he said. 


No comments: