CYBER SKILL DEVELOPMENT IN THE INDIAN ARMED FORCES: AN EXPLORATORY OVERVIEW

Sections
Introduction
Training Objectives
Training for Defensive Cyber Operations
Training for Offensive Cyber Operations
HRD Model for Cyber Warriors
References

Introduction

The emergence of cyberspace as a formidable new domain of warfare in a multi-dimensional battlespace is a comparatively recent phenomenon, with cyber conflicts intensifying alarmingly over the last decade. As a result, major world players have evolved national cyber security strategies and restructured their cyber organisations in order to adequately secure their respective national cyberspaces [1]. In most cases, the armed forces have been given a central role to play in these restructured organisations.

In contrast, the charter of the Indian Defence Forces is presently restricted to the protection of Defence Cyberspace. In a recent work titled “Cyber Governance in India: Transform or Perish”, the author has argued that cyber governance at the national level needs to undergo a transformative restructuring, with our Armed Forces at the helm as part of an integrated national security strategy. Moreover, it is the author’s view that the creation of a limited Defence Cyber Agency (DCA) at this late stage is a weak response to the threats from our adversaries which loom large in cyberspace, and that a full-fledged Cyber Command must be raised at the earliest [2].

It is important to point out here that even after approval is granted for the raising of a Cyber Command, a long lead time would be needed for steering it to full operational status. This is because, unlike other warfighting skills, training of cyber warriors is a highly complex task which cannot be accomplished in a compressed time-frame. As an example, while the US Cyber Command was created in 2010, it took over eight years of focused efforts on the part of the US DOD to fill up its 6200 cyber warrior vacancies [3].

This work gives an introductory insight into the important issue of cyber skill development in the Indian Armed Forces, under the assumption that the DCA will soon be upgraded to a Cyber Command, requiring the services of several thousand cyber warriors trained across a wide spectrum of cyber disciplines.

Training Objectives

As indicated above, presently the role of the Armed Forces is restricted to protection of the Defence Cyberspace, together with a limited mandate for offensive cyber operations in furtherance of their operational tasks. In the author’s view, this role needs to be expanded to include in its charter the single point responsibility for all offensive cyber operations (to include active defence) at the national level, as also the protection of our National Critical Information Infrastructure (NCII) when faced with threats which have strategic ramifications. Although both the limited and expanded roles entail the development of skills for both defensive and offensive cyber operations, the workforce needed for fulfilling the expanded role would be an order of magnitude larger in size, particularly for offensive cyber operations.

In the discussion which follows, it is assumed that the Defence Cyberspace has a robust network security architecture in place, as also multiple data centres providing secure cloud services to the Armed Forces. In addition, several thousand cyber warriors are required to be recruited for a Cyber Command, which has offensive cyber operations as its primary charter.

The next two sections attempt to identify the nature of the cyber workforce which would need to be trained for carrying out the envisaged role in cyberspace as outlined above. It is pertinent to mention here that the organisational and network architectures, as well as designations for various classes of cyber warriors referred to in the discussion which follows are purely notional, the sole purpose being to provide an introductory understanding of the complexities involved in cyber skill development.

Training for Defensive Cyber Operations

Network and Security Architecture

For the purpose of this discussion, the network and security architecture assumed to have been adopted by the three Services for their land based information infrastructure may be characterized as under:-

  • Station-wide zonal access networks (ZANs), serving a set of unit/ branch HQ/ establishment LANs, and communicating with other stations over a country-wide WAN. In other words, a three-tier architecture comprising LANs, ZANs and a WAN.
  • A Service specific Computer Emergency Response Team (CERT) at the central level, to provide incident response, audit and advisory services on all cyber security matters [4].
  • A Security Operations Centre (SOC) for each major station or a group of smaller stations, for enforcement of cyber security measures, close monitoring of security parameters and providing incident response services within their jurisdiction.
  • Robust security architectures in place for the protection of data centres providing secure cloud services to the units and formations.

Responsibility for Cyber Defence

In general, implementation of cyber security measures within unit/ branch HQ/ establishment LANs (End User Segment) would be the responsibility of the common user (or end user; eg, all arms users in the case of the Indian Army), while protection of ZANs, WANs and Data Centres (Network Segment) would be handled by a separate cadre of network specialists within each Service (eg, the Corps of Signals in the case of the Indian Army).

Cyber Training Profiles: End User Segment

The following three levels of cybersecurity training are envisaged for cyber users in the End User Segment:-

  • Desktop User. This is the user who operates desktops/ laptops in formations/ units/ establishments, and is to be trained on basic cyber hygiene and implementation of cyber security policies. Such training is required to be imparted to all personnel who are potential users of Defence Cyberspace, which would mean all officers and selected categories of soldiers. Such training would necessarily form part of basic military training at respective training establishments and does not involve the conduct of special cybersecurity courses.
  • Unit/ Branch System Administrators. Unit/ Branch System Administrators manage LANs and information systems within units/ establishments and various branches at a formation HQ. The scope of their cybersecurity training would cover firewalling of LANs and application servers, cyber hardening of devices as per latest Cyber Security Policy, and in general performing the duties of Cyber Security Officer. Ideally, this training should be conducted at respective all arms/ branch training establishments. However, in the absence of adequate expertise at these establishments, training courses may need to be conducted at specialist training establishments (eg, the Military College of Telecommunication Engineering (MCTE) for the Army). A short course of 2-3 months should be sufficient to impart this level of training.
  • Formation IS and IW Appointments. Training is required to be carried out for Information System (IS) and Information Warfare (IW) related appointments (officers) at various headquarters, and IS establishments such as Directorate General of Information Systems (DGIS), Management Information Systems Organisation (MISO), Army Software Development Centre (ASDC), etc. Their tasks include ensuring the implementation of cyber security policies within their respective formation HQ, vetting of IT projects from a security standpoint, carrying out cybersecurity audit, and handling all other cybersecurity matters within the formation. At lower headquarters, a single appointment may be tasked with handling IS as well as IW matters. Officers manning IW assignments at higher headquarters may need to be imparted this training as part of a comprehensive syllabus involving all components of IW (cyber warfare, EW and psychological warfare) [5]. Such training would need to be imparted at specialist training establishments. In order to train officers for such assignments, short courses of 2-3 months duration, with prior experience as a Unit Administrator being an essential eligibility, may be adequate.

Cyber Training Profiles: Network Segment

Protection of the Network Segment, including Data Centres, requires a much higher level of specialisation as compared to the User Segment. It is felt that cyber security training for the Network Segment is best imparted at respective Services specialist training establishments, such as the MCTE for Army. Two levels of training are envisaged for this purpose, as under:-

  • Network Administrators. These are personnel who would be responsible for implementing all necessary security measures for the defence of the ZANs and WANs. A graduate degree in network disciplines is considered essential for acquiring this level of expertise.
  • Network Security Specialists. These are personnel who would have the necessary expertise for performing all SOC/ CERT functions as well as for securing data centre/ cloud computing infrastructure. The typical criteria essential for performing these tasks would include multiple tenures as network administrators as also qualification on a network security course of 3-4 months duration specifically tailored for such assignments.

Training for Offensive Cyber Operations

Cyber Command: Notional Structure

The previous section has outlined a notional architecture for Defence Cyberspace, and categorized the cyber defence workforce into different classes depending on the level of training required to be imparted to each class. This classification is based on the experience gained in defensive cyber operations over several decades. In contrast, experience in offensive cyber operations is limited, primarily because of the narrow mandate given to the Armed Forces in this area. Therefore, characterization of the cyber workforce required for offensive cyber operations is largely exploratory. As already stated, for the purpose of this discussion it is assumed that the training needs for a full-fledged Cyber Command, comprised of several thousand cyber warriors having capabilities at par with the US Cyber Command and the PLA SSF, are to be met. Such a Cyber Command would essentially comprise operational units tasked with carrying out offensive tasks as well as R&D elements which would develop the platforms, tools and techniques for the conduct of cyber operations.

Cyber Training Profiles: Offensive Cyber Operations

In order to effectively carry out full spectrum cyberspace operations, two distinctly different streams of cyber personnel would be needed: Cyber Commanders and Cyber Specialists. These are discussed below.

  • Cyber Commanders. Cyber Commanders would be those who understand the complexities and nuances of cyberspace operations well enough to direct their conduct, and at the same time are also fully conversant with the operational requirements of the defence forces. Cyber Commanders would act as an interface between the formation commanders/ general staff on the one hand and cyber specialists on the other, and would be placed in command of all cyber execution units. Cyber Commanders would need to be trained on cyber disciplines as well as military disciplines. It is felt that their level of expertise in cyber disciplines should be at par with Network Security Specialists, and it is from this pool that Cyber Commanders should ideally be selected. At the same time, they should be well conversant with operational requirements, and therefore would need to be qualified on career staff and command courses and also have adequate field experience.
  • Cyber Specialists. Cyber Specialists would be those who are capable of actually carrying out offensive cyberspace operations. In order to achieve ever higher levels of expertise so essential for carrying out offensive cyber operations, once inducted into this stream Cyber Specialists of all hues must ideally be assigned only to cyber assignments. Cyber Specialists may be further categorized into several sub-classes, as under:-

*   Cyber Attackers. These would be suitably trained officers with the right aptitude as well as expertise for penetrating the adversaries’ cyberspace, launching exploits and using appropriate tools and techniques for full spectrum cyber operations.

*   Cyber Assistants. This set of personnel would be trained to assist the Cyber Attackers in carrying out their tasks. They would be JCOs/ OR or equivalent civilian personnel trained at diploma level in cyber disciplines, and would work under the supervision of the Cyber Attackers.

*   Cyber Scientists. These are the most qualified cyber professionals who would be highly specialized in a particular field of cyber operations. It is these personnel who would carry out the necessary research to find new vulnerabilities in existing systems and develop malware to exploit them. This level of expertise would probably be gained after years of experience as Cyber Attackers.

*   Cyber Domain Experts. These are the individuals who are super specialized in a particular domain of expertise, for example, Incident Responder, Auditor, Big Data Analyst, etc.

  • Cyber Command: Manning Norms. Broadly speaking, while cyber attackers and assistants would be placed in Offensive Cyber Operations (OCO) units/ teams for carrying out actual operations, cyber scientists would provide the necessary R&D support through the Cyber Support Operations (CSO) units/ teams. Cyber domain experts would be allocated to both types of units/ teams (unit/ team designations have been used in a generic sense here, and would depend on the organisational structure of the Cyber Command).

HRD Model for Cyber Warriors

The previous two sections have attempted to provide a simplified view of the spectrum of cyber warrior classes which would make up the cyber workforce. However, a detailed analysis would need to be carried out to evolve the actual cadre structure. Indeed, many of the classes/ sub-classes discussed here would most likely be split into further sub-classes, creating multiple streams of specialisation.

Foundational Disciplines for Training in Cyber Operations

Some of the foundational disciplines for facilitating specialist training on cyber operations include the following: computer architecture, operating systems, programming languages/ algorithms, computer networking and telecommunications, cryptography, data storage and information retrieval, etc. Increasing levels of specialisation would be achieved through higher qualifications, and more importantly as a result of extended tenures in cyber assignments. While a diploma level qualification may suffice for Cyber Assistants, all other offensive cyber assignments would warrant post-graduate/ doctoral degrees in various specialist disciplines.

Cyber Skill Hierarchy

The term “cyber warriors”, used in a generic sense, encompasses all users of cyberspace, as each user has a role to play in fighting and winning cyber wars. However, the level of specialist expertise amongst different classes of cyber warriors varies widely. At the lowest end of the cyber skill spectrum lies the Desktop User, while Cyber Scientists and Cyber Domain Experts occupy the pinnacle of the cyber specialisation hierarchy. An indicative cyber skill hierarchy based on the “specialisation” parameter is depicted below:-

 

Development of Standards

One of the important first steps in evolving an effective HRD model for the cyber workforce is to develop standards based on work roles, tasks, knowledge and skills for each of the cyber warrior sub-classes. The US NIST NICE Framework, although formulated for the U.S. cyber workforce at the national level, is a good example of such a standard [6].

Trade Structures

Once work profiles have been identified, corresponding trade structures would need to be created to recruit suitable candidates into newly raised or re-structured cyber organisations.

Recruitment

For certain classes such as Desktop User and Unit System Administrator, training of existing service personnel to desired standards would be sufficient. On the other hand, for classes at the higher end of the cyber skill hierarchy, while a significant number of personnel may be re-categorized from existing military cadres, at the same time suitable civilian experts may also need to be recruited, especially if strict time-lines for creation of fresh cyber forces are to be met. Another motivation for recruiting civilian talent would be to tap the best talent available in the country for specialized offensive cyber operations. For offensive operations, cyber warriors should ideally be inducted into service on a permanent basis, and short term recruitment avoided as far as possible.

Career Planning

The current norms for career planning being followed by the Indian Armed Forces are designed to groom commanders with well-rounded profiles, and are not conducive to nurturing a highly specialized workforce. These would need to be significantly modified to accommodate profiles with permanent deployment or multiple tenures in cyber assignments, provide career protection to specialist officers up to the highest ranks, etc. In general, career planning for the cyber workforce would need to be based on principles which are vastly different from existing practices. In particular, the placement mechanisms would need to be driven by intelligent algorithms to ensure that the precious specialist cyber workforce is utilized in the most optimal manner.

Training Institutes

Creation of in-house training establishments would be a critical requirement for the HRD model to yield desired results. Because of the highly specialized nature of the cyber disciplines, especially in relation to offensive cyber operations, training facilities may need to be shared amongst the three Services. For certain training segments, training courses offered by our premier educational institutes of national repute, as also certain commercial training facilities, may need to be subscribed to till such time in-house facilities are developed.

Conclusion

This work has endeavoured to highlight the importance of cyber skill development in the Indian Armed Forces as an essential response to imminent threats to our national security emanating from an increasingly hostile global cyberspace. Expertise in cyber operations is uniquely characterized by being highly specialist in nature, much more than any other military skill. The above discussion offers a glimpse of the complexities involved in training a cyber workforce by providing a flavour of the wide spectrum of job profiles which make up this workforce. It also presents the broad contours of an HRD model which could recruit and train such a workforce.

India’s response so far to emerging threats in cyberspace leaves much to be desired. The organizational limitations of the DCA are further exacerbated by the fact that a suitable HRD model for generating the requisite trained manpower is not yet in place. It is imperative that a full-fledged Cyber Command be raised on priority, and simultaneously necessary follow up steps be taken for training a potent cyber workforce.

References

[1] Lt Gen (Dr) R S Panwar, China’s Special Support Force and Its Implications for India – Parts I to III, Future Wars, 09 Jun 2020, Accessed 09 Jul 2020, https://futurewars.rspanwar.net/chinas-special-support-force-and-its-implications-for-india-part-i/.

[2] Lt Gen (Dr) R S Panwar, Cyber Governance In India: Transform or Perish – Part III: Transformative Restructuring, Future Wars, 02 Jun 2020, Accessed 09 Jul 2020, https://futurewars.rspanwar.net/cyberspace-governance-in-india-transform-or-perish-part-iii/.

[3] Mark Pomerleau, Cyber Command Reaches Critical Staffing Milestone, Fifth Domain, 17 May 2018, Accessed 09 Jul 2020, https://www.fifthdomain.com/dod/cybercom/2018/05/17/cyber-commands-cyber-warriors-hit-key-milestone/.

[4] The Corps of Signals, Indian Army Website, Accessed 09 Jul 2020, https://www.indianarmy.nic.in/Site/FormTemplete/frmTemp2PMR7C.aspx?MnId=4MVqUdhaJXXcOB9diRh5hQ==&ParentID=9DQ6EBAnHQwgWSixHM+EFw==.

[5] Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part IV: Existing and Proposed IW Structures, Future Wars, 21 Apr 2020, Accessed 09 Jul 2020, https://futurewars.rspanwar.net/iw-structures-for-the-indian-armed-forces-part-iv/.

[6] William Newhouse et al, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, National Institute of Standards and Technology, US Dept of Commerce, Accessed 09 Jul 2020, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf.

4 Comments

  1. Maj Gen KR Prasad

    Will be a very good move. Must be taken up at right level for implementation and Training

  2. Maj Gen VK Narang (Retd)

    In total agreement with the views of the Author. We must take it up with an utmost urgency and pursue it with vigour to its logical conclusion. It is the need of the hour today and we can not be blind to it.

  3. ABHIMANYU GHOSH

    A well articulated Paper on the important aspect of Skill Development and Capability Building, which hopefully should draw the attention of Policy Makers.
    Cyber Defence should be an important and major part of skill development, to make our networks resilient to deter adversaries. Therefore following additional points are suggested:-
    1. Cyber Forensics including Network Forensics.
    2. Operational aspects of Security Operational Centres and Incident Response should be done at all levels and in collaboration with national, private and Public, agencies.
    3. Test and Evaluation skills for both Hardware and Software, to assess supply chain vulnerabilities.
    Thanks and Regards,
    Brig Abhimanyu Ghosh (Retd)
    Former Commander Army Cyber Security Establishment

  4. Lt Col GS Acharyulu (Retd)

    A comprehensive bird's view of the cyber security framework for not only the armed forces but also for the whole country as such. To avoid inter services/DRDO/departmental etc dissipation of the high degree of dynamic professionalism required for this domain, we really need a unified country level organisation spanning across all services/departments etc. This may sound impossible, but that is the need of the hour, as innovation, dynamism, continuous learning etc would be the absolute need for this domain. Also demand for talent in this domain is very high, hence we need some special HR policies to retain people.
