Cyber Workforce
Development
Trained and Ready Cyber Teams
Mr. Michael Hudson
J72, Training & Readiness Division Chief
U.S. Cyber Command
27 June 2013
1
Overview
UNCLASSIFIED
• Issues/Challenges
• USCYBERCOM Missions and Operations
• Requirements to Operate in Cyberspace
• Cyberspace Operations
• J7 Vision/Mission
• Technical Workforce Challenges
• Joint Training System
• Joint Mission Essential Tasks
• Workforce Management
• Workforce Framework
• Training Spectrum
• Example of Individual Certification
• Example of Cyber Training Venues
• Summary
• Questions
UNCLASSIFIED
2
UNCLASSIFIED
Issues/Challenges
THE CHALLENGE
• We are currently preparing students for jobs that don’t yet exist, using technologies that haven’t
been invented in order to solve problems we don’t even know are problems yet
• The U.S. Department of Labor estimates that today’s learner will have 10-14 jobs by the age of 38
THE COMPETITION
• China will soon become the #1 English speaking country in the world
• 25% of India's population with the highest IQs is greater than the total population of the U.S.
• The top 10 highest demand jobs in 2010 did not exist in 2004
THE FUTURE WORKFORCE – GENERATION Y
• Multitasking
• Optimistic outlook – self-confident
• High expectations – questioning
• Technical savvy
• Job hoppers – career progression less important than
personal pursuits
• Huge potential for miscommunication, low morale, and poor
productivity in generational workforce
UNCLASSIFIED
3
UNCLASSIFIED
USCYBERCOM Missions and Operations
USCYBERCOM plans, coordinates, integrates,
synchronizes and conducts activities to: direct the operations and defense of specified
Department of Defense information networks and; prepare to, and when directed,
conduct full spectrum military cyberspace operations in order to enable actions in all
domains, ensure US/Allied freedom of action in cyberspace and deny the same to our
adversaries.
Defend the Nation
Cyber National
Mission Force
Operate and Defend
DoD Information
Networks (DODIN)
Cyber Protection
Force
CCMD Support
Cyber Combat
Mission Force
3 Lines of Operations - Running Throughout the Mission Areas
1.DODIN Operations
2.Defensive Cyber Operations (DCO)
3.Offensive Cyber Operations (OCO)
UNCLASSIFIED
4
UNCLASSIFIED
Defensible
Architecture
Trained & Ready Cyber Teams
Operate
&
Defend
Govern
Operational Concept
Authority to Act
in Defense
of the Nation
Global Situational Awareness
UNCLASSIFIED
5
UNCLASSIFIED
(U) What it Takes to do Cyber Operations
Attribute
Attacks
Develop
Crypto
Defensive
Response
Identify
Attacks
Attack
Targets
Harden US
Networks
Assess
Effects
Produce
Intelligence
Identify
Targets
Target
Process
& Store
Data
Develop
Intelligence
Intelligence Analysts
Deploy
Capabilities
Defeat
Encryption
Collect
Data
Linguists
Network
Operators
Capabilities
Developers
Accesses
Cryptanalysts
Access Enablers
Network Analysts
Net Warfare
Planners
Cyberspace Operations:
UNCLASSIFIED
Intelligence Community, Military, Foreign
Partners, Industry
6
UNCLASSIFIED
J7 Vision/Mission
• (U) Develop agile, flexible training to prepare world-class, fully capable cyber forces for the
present and future, through focused common standards, training engagements, and career
training management for individual through collective training and education to support the
Command’s cyberspace operations missions.
– (U) Individual training
• (U) Advise recruiting and assessment qualification standards
• (U) Advise Service School and Branch Qualification Training
• (U) Develop certification for advancing roles and responsibilities
– (U) Information Assurance Workforce Improvement Plan
– (U) Joint Individual Training
– (U) Joint Work Roles and Responsibilities
• (U) Advise and engage continuing education
– (U) Joint Professional Military Education
– (U) Public/Private University System (Defense Universities, Public/Private Institutions)
– (U) Collective Training
• (U) Training and Certification Events (e.g., Cyber Flag)
• (U) Cyber-focused Exercises (e.g., Bulwark Defender)
– (U) Retention
7
UNCLASSIFIED
7
UNCLASSIFIED
Technical Workforce Challenges
Future Workforce Population
Trending Down
Future STEM Graduates
Trending Down
• What are the real drivers influencing the trend lines?
• What are some of the solutions?
• How can we leverage the brain trust looking at these problems?
8
UNCLASSIFIED
8
UNCLASSIFIED
Joint Training System (JTS)*
Phase 1. REQUIREMENTS
• Joint Mission Essential Tasks
• Missions/Orders/Strategy/Policy
• Work Roles/Standards
Phase 2. PLANS
Phase 4. ASSESSMENT
• Joint Training Plan
• Training and Readiness Manual
• Joint Cyberspace Training and Certification Standards
• Joint Training Information Management System
• Defense Readiness Reporting System
• Lesson Learned
Joint Exercise Life Cycle
Plan
Evaluate
Prepare
Execute
Phase 3. EXECUTION
• Combatant Command Tier 1 Exercises
• Cyber Flag, Cyber Guard, Cyber Knight
• Cyber Wargame
*CJCSM 3500.03, Joint Training Manual
“It is important…to assign responsibility for the JTS across all disciplines within your staff. The processes of JMETL
development, of determining training objectives, and of developing the Joint Training Plan all require the skill and
corporate knowledge of many people.’”
Joint Training System Primer
UNCLASSIFIED
9
UNCLASSIFIED
Joint Mission Essential Tasks

JMET Development
–
A JMET describes the essential tasks for a joint
commander and includes associated conditions and
measurable standards
–
JMETs are identified by reviewing plans and OPORDS
for executing a mission
–
JMETs are identified using the UJTL as a common
language
An essential task is defined as one
where the mission has a high
probability of failure if it is not
accomplished successfully.
UNCLASSIFIED
10
UNCLASSIFIED
UNCLASSIFIED
JMETL Development Process
1. Conduct Mission Analysis to Determine
Specified & Implied Tasks
2. Select Mission Tasks from Universal
Joint Task List (UJTL)
3. Determine Essential Tasks from Mission
Tasks
4. Identify Responsible Organizations
5. Describe Conditions
6. Establish Standards
7. Identify Supporting, Command and
Linked Tasks
8. Commander Approves JMETL
The methodology for constructing the JMETL, when properly conducted, ensures
that joint training is requirements-based, trains the force the way they intend to
operate and is focused on essential tasks that accomplish theater missions.
UNCLASSIFIED
UNCLASSIFIED
11
UNCLASSIFIED
Methodology
JMET
• Identify Mission Conditions
• Define Objectives (Capacity and Capability)
• Identify Intermediate Objectives
• Identify Output and Standards
• Identify Dependencies and Constraints
TTP
• Identify Resource Conditions
• Identify Processes and Metrics
• Identify Process Dependencies
• Identify cross-linkages
KSA
• Map workrole to process
• Verify appropriate KSAs
• Identify Individual Productivity Standards
and Metrics
PROCESS MAP
UNCLASSIFIED
12
UNCLASSIFIED
Workforce Management – Demand
Analysis
(U) Workforce Management
•
•
•
•
(U) Needs
(U) Capability
(U) Capacity
(U) Integration?
(U) Projected Need
• (U) Strategy/Mission Analysis
• (U) Evolving Workforce Mission Requirements
• (U) Current/Projected Force Readiness
(U) Workforce KSAs to Meet Projected Need
(U) Demand Analysis
• (U) New/modified KSAs required; delete nonessential work roles/functions
• (U) Consolidation of work roles/functions
• (U) Projected Need
• (U) Workforce KSAs to Meet
Projected Need
• (U) Staffing Patterns
• (U) Training Pipeline Requirements
(U) Staffing Patterns
• (U) Number of personnel required to perform
evolving mission
• (U) Organization functional review
(U) Training Pipeline Requirements
The right number of people with the right
skills, experience, and competencies in
the right places at the right time.
UNCLASSIFIED
• (U) Required training
• (U) Training throughput/billets
• (U) Training resources
13
UNCLASSIFIED
Workforce Framework Development
CND
Operate
&
Maintain
Systems
Security Analyst
Network
Infrastructure
Specialist
Knowledge /
Content
Manager
Server
Administrator
Technical
Support
Specialist
Defend
CND Analyst
CND
Infrastructure
Support
Specialist
CND Incident
Responder
Provision:
Design &
Build
Systems
Architect
CND Manager
Systems
Requirements
Planner
Data
Administrator
Cyber security
Analyst/Informa
tion Security
Professional
of several specialty
areas.
Software
Engineer
IA Compliance
Agent
CND Forensics
Analyst
The Framework organizes
cybersecurity into seven highlevel categories, each comprised
Systems
Developer
CND Auditor
Network
Operations
Manager
UNCLASSIFIED
Framework Categories
14
UNCLASSIFIED
NICE Framework
• Securely Provision
o Specialty areas concerned with conceptualizing, designing, and building secure IT systems.
• Operate and Maintain
o Specialty areas responsible for providing the support, administration, and maintenance necessary to ensure
effective and efficient IT system performance and security.
• Protect and Defend
o Specialty area responsible for the identification, analysis and mitigation of threats to IT systems and
networks.
• Investigate
o Specialty areas responsible for the investigation of cyber events or crimes which occur within IT Systems and
networks.
• Operate and Collect
o Specialty areas responsible for the highly specialized and largely classified collection of cybersecurity
information that may be used to develop intelligence.
• Analyze
o Specialty area responsible for highly specialized and largely classified review and evaluation of incoming
cybersecurity information.
• Support
o Specialty areas that provide critical support so that others may effectively conduct their cybersecurity work.
UNCLASSIFIED
15
UNCLASSIFIED
Training Spectrum
IAWIP
Service Career
Training
Joint Individual
Training
Collective Training
Gap/Refresher Training
Professional and Continuing Education
Gap/Refresher Training
DoDIN
Ops
DCO
OCO
Service School and Qualification Training
Sustain
Cyber
Warrior
Career
Create
Cyber
Warrior
Individual Training
Joint Cyberspace Training
and Certification Standards
JMETs
Staff/Unit Certification
Cyber Flag Training
Certification Levels
Retention and Career
Feedback Process
Collective
Training
Cyberspace Exercise
Assessment and Recruiting
UNCLASSIFIED
16
UNCLASSIFIED
Example of Individual Certification
1 Evaluation
2 Practical Exam
Objective
•
•
•
Standardized, High-Stakes,
Scored
Knowledge Based
Remediation Requirements
Identified
•
•
•
Subjective/Objective
3 Review Board
Subjective
•
•
•
•
•
Task Based
Scenario Based
Tailorable
Virtual / Live
Persistent Training
Environment
Paper-Based and Interview / Panel
Leadership
Documentation and Compliance
Oversight
Additional Information
•
UNCLASSIFIED
Annual re-certification requirement to ensure / verify perishable skills
17
UNCLASSIFIED
Developing Cyber Warriors
OPERATING AS A TEAM
Build on individual joint training
Rehearsal of concept
Role familiarization
Integrate and synchronize shared capability
responsibilities
UNCLASSIFIED
18
UNCLASSIFIED
Example Cyber Training Venues
Service Hosted Training Venues for Cyberspace Operations
USA
USN
• Signal Center of Excellence, Fort
Gordon, GA
• Information Assurance Training
Center – FT Gordon, GA
• Computer Network Defense
Course – FT McCoy, WI
• Basic Computer Network
Operations Planners Course
(BCNOPC) – FT Belvoir, VA
• Center for Information Dominance,
Corry Station, FL
• Joint Network Attack Course
(JNAC)
• Naval Postgraduate School,
Monterey, CA
USAF
•Air Force Institute of Technology,
Wright-Patterson AFB, Dayton, OH
• Center for Cyberspace Research
USMC
• Marine Air Ground Task Force
Training Command, 29 Palms, CA
Other Training Venues for Cyberspace Operations
NSA/ADET College of
Cryptology
•Center for Computer Network
Operations, Cyber Security and
Information Assurance
UNCLASSIFIED
Department of Defense
•DoD Cyber Crime Training
Academy, Linthicum, MD
• Technology Track
• Responders Track
• Network Investigations Track
• Intrusions Track
• Forensics Track
•The Information Assurance Training
Center, Fort Detrick, MD
•The Information Assurance Training
Center, Lewis-McCord, WA
•The Information Security Center,
Fort Bragg, NC
Universities/Colleges
• University of Maryland University
College
• Various cyber certifications and
undergraduate/graduate level
degrees
• University of Dayton
• Post Graduate program in Cyber
Security Management
•University of Maryland Baltimore
County
• Various cyber certifications and
undergraduate/graduate level
degrees
Private Sector
• NG Cyber Warrior Course
• Security Awareness and
Certification
• Accreditation Courses
19
UNCLASSIFIED
Summary
The integrated USCYBERCOM strategy for training includes:
• Individual training through the development of a cradle-to-grave training and career
progression model that ensures individuals are professionally developed to assume
greater roles and responsibilities to meet the demands of the command’s three Lines
of Operation
• Collective training through the development of crew, staff, and unit level training
that encompasses tactical, operational, and strategic levels of cyberspace warfare
while supporting and ensuring relevant collective training events are realistic,
instrumented, and agile
• Development of a Common Training Standards Program that develop requirements,
provide guidance for individual and collective training, and track and assess the
nation’s cyberspace force readiness
20
UNCLASSIFIED
20
UNCLASSIFIED
Questions?
UNCLASSIFIED
21
UNCLASSIFIED
Back-ups
UNCLASSIFIED
22
Unclassified
Training / Workforce Development
Ensuring
Interoperability
• Establish interoperable cyber training standards (common, core Knowledge, Skills, & Abilities)
• Validate training requirements (1)
• Align, synchronize, improve, and evaluate the integration and interoperability of cyber forces through exercises
and collective training (1)
• Advocate for combatant command training requirements to include DOTMLPF, materiel, and enabling capabilities
(2)
• Examine DoD exercises, wargames, and experiments related to cyber operations to determine potential
efficiencies, establish guidelines, and incorporate lessons learned. (2)
Training &
Instruction of
Assigned Forces
• Integrate command training requirements into DoD training and education programs (1)
• Certify, monitor, and assess DoD cyber training programs (1)
• Standardize core cyber training across DoD (1)
• Design and conduct strategic & national level exercises, wargames, and table top exercises (1)
• Enable CCDR to focus training on capability shortfalls to address current and future threats (2)
• Manage academic and community outreach programs to private and public institutions (3)
Workforce
Readiness (incl.
non-assigned)
• Monitor the health of the DoD cyber force (2)
• Identify, coordinate, maintain cyber-related JMETL/UJTL to ensure readiness (incl non-asg’d forces) (3)
• Develop training and evaluation activities to determine readiness (1)
• Monitor DRRS and provide assistance in mitigating readiness issues (2)
Develop
Doctrine
•
•
•
•
•
Develop and maintain joint cyber doctrine and concepts (3)
Ensure training and training strategies are consistent with current and emerging cyber doctrine (1)
Act as lead agent for joint cyber publications as designated by Joint Staff J7 (1)
Ensure Service cyber doctrine is consistent with joint doctrine (3)
Promotes a common definition of “cyber force” and descriptions of cyber tasks (2)
Monitor
Promotions,
PME, etc
•
•
•
•
Inform the Service process of promotions (3)
Identify cyber career milestones recommended for promotion (2)
Identify, advocate, and develop cyber PME required for promotion (2)
Advocate the investment of cyber human capital (1)
Unclassified
23