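Fifth Domain (U.S.), July 17, 2019: In June of this year, U.S. Cyber Command held its "Cyber Flag 2019" tactical training exercise for the first time. On July 17, John Mauger, director of exercises and training at Cyber Command, told the media that the exercise was intended to demonstrate the new persistent engagement operating concept for cyber warfare under the new organizational construct, and to demonstrate and evaluate the cyber force's operational capability against the mission essential tasks of persistent engagement. Cyber Command's new operating concept, "persistent engagement," aims to meet adversaries below the threshold of armed conflict on a daily basis as an effective way to counter their cyber behavior. One of its tenets, "defend forward," meaning fighting adversaries in cyberspace as far from the U.S. homeland as possible, will drive changes in the cyber force's structure and new tasks. Cyber protection teams will be reorganized into three squads to counter adversaries effectively.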
U.S. Cyber Command trained its new operating concept persistent engagement for the first time in a recent Department of Defense exercise.
Cyber Flag 2019, which took place during June and is Cyber Command’s premier tactical exercise, was the first opportunity to train “according to the new organizational construct and evaluate or assess their performance against new mission essential tasks that come with persistent engagement,” Coast Guard Rear Adm. John Mauger, director of exercises and training at Cyber Command, told reporters during a telephone interview July 17.
Cyber Command’s new operating concept, persistent engagement, aims to meet adversaries below the threshold of armed conflict daily as a way to combat their behavior. Defend forward, a subset of the concept, posits that it is best to fight adversaries in networks as far from the United States as possible.
The new concept has led to changes within the force and new tasks.
“It really drove a change in how we organize and how we train and exercise the force,” he said. “We had to reorganize the force and we established new tasks and new skills and capabilities that they needed to have. We’ve been driving that into the force over the past year. Cyber Flag 19 was the first opportunity for us, through this exercise series, to evaluate the teams according to those new organizational constructs and according to those new mission essential tasks.”
The force has been discussing the need to reevaluate and change the structure of some of its teams based upon operational lessons. However, some officials had noted as recently as May that no substantial changes have been made to team structure.
Without going into much detail, Mauger said that on the defensive side, leaders are now refining the roles of cyber protection teams. He explained that under the old model, cyber protection teams were organized under five squads that performed tasks in mission protection, cyber threat emulation, counter-infiltration, cyber support and cyber readiness.
Some of these roles, such as mission protection, are better served by local IT personnel. Now, Mauger said leaders want cyber protection teams to hunt high-end adversaries who can skillfully maneuver through a network.
Cyber protection teams are now organized under three squads.
One of the other tenets of persistent engagement, and a top priority of Cyber Command head Gen. Paul Nakasone, is partnerships. This includes domestic partnerships between the interagency, state and local government and the private sector as well as international partnerships.
While foreign partners have long participated in Cyber Flag, 2019 marked the first year in which there were integrated teams consisting of foreign militaries and members of the U.S. cyber mission force.
Mauger provided one example of a team from the U.S. Marines and the United Kingdom.
“They fought through the same virtual network environment that the other teams were working in but because they were integrated [and] because they were having to work together, it forced them to get to the next level of details and some really important observations and learning on how to command and control, how to share intelligence, how best to plan these operations,” he said. “There were a number of opportunities for them to learn best practices from one another and drive those into a joint combined team.”
Protecting ‘operational’ systems
A relatively new focus for Cyber Flag has been the introduction of operational technology networks, or industrial control system (ICS)/supervisory control and data acquisition (SCADA) networks.
Mauger said Cyber Command introduced these types of networks last year. The 2018 event also marked the first year since at least 2013 that Cyber Command did not release any information on Cyber Flag.
Traditionally, DoD’s cyber forces have focused on IP-based networks, but now cyber leaders across the Defense Department have emphasized operational technology networks.
“It’s really critical that our forces not only know how to operate and hunt on regular IT networks or information technology networks or business networks, but they also know how to hunt and detect and maneuver against adversary activity in operational networks,” Mauger said.
If called upon by the Department of Homeland Security to help defend or respond to an incident on critical infrastructure – typically operational systems – Defense Department personnel will have to know how these networks work. These networks are often quite different from standard business networks.
Mauger said over the past year, Cyber Command worked closely with national labs to develop a robust virtual ICS/SCADA model and focus on teams’ ability to hunt for adversary activity on those networks.