Training our forces in cyber self-defence – getting brilliant at the basics

‘Cyber’, when the word is said many images come to mind, power stations out of control, Hugh Jackman in the movie swordfish, the wanna-cry style ransomware attacks, its potential impact is only limited by our imaginations. Cyber is a very topical issue and is certainly gaining momentum with sizeable investment from governments across the world. But how do we ensure that our forces in Australia are ready to operate in this new landscape where the battle has the potential to be influenced in areas one cannot see?

The need to have our forces trained in defensive cyber practices and procedures is clear, a 2016 report by the Australian Centre for Cyber Security (ACCS) called for a "rapid catch-up in Australian capabilities for military security in the information age". How do we achieve this "rapid catch-up" required?

A recent examination of the US Army’s approach to cyber training spoke of a different approach they are currently taking that is having great results: the US Army Cyber Training School and its use of unclassified openstack platforms that were being implemented to train their forces, platforms that were easy to update and roll out to keep up with ever changing training needs. A smart initiative that has had great results. So how can we take this a step further? How do we ensure our operators of all corps/mustering ready to fight in this landscape?

Deliver training from the start

To build the cyber reliance/self-defence of our forces applying the training at the base is key. Look at opportunities to insert this training at initial employment training across all corps and mustering. By introducing the key concepts at the start, we have the opportunity to have a workforce that is ready from the start.

Treat cyber self-defence like a weapon system

Much like we focus on physical defence of our forces through the training and employment of the personal weapon systems, we should look at cyber self-defence in the same way. Teaching and testing the basic defensive cyber practices to ensure a level of security and reduction of vulnerabilities.

Link cyber defence to readiness notice

Like all defence skills and qualifications, maintaining skill currency is key. Much like we require our forces to regularly demonstrate competence in skillsets to demonstrate their readiness to deploy on operations we should look at ways to incorporate cyber defence testing and certification.

Instil a culture of cyber security across the workforce.

Start to send the message that it really is everybody's problem. A lot of the basic threats can be mitigated by simple actions and awareness of people – processes and technology can follow on from this.

Have any further thoughts on how we can achieve the "rapid catch-up" of cyber self defence across our forces? Are there examples where this has started? Tell us in the comments below.

Patrick Batch

Patrick is a Director at BCT Solutions, an independent C4ISREW consultancy. Patrick has over 15 years’ experience in both the defence and heavy industry sectors in capability development. He is passionate about delivering great outcomes for the end user across acquisition and sustainment activities.