NIWC Atlantic Team Trains Reserve Sailors in Defensive Cyber Operations

CHARLESTON, SC, UNITED STATES

12.04.2023

Story by Kris Patterson 

Naval Information Warfare Center Atlantic

✔ ✗ Subscribe

5

Naval Information Warfare Center (NIWC) Atlantic’s Cyber Security Service Provider (CSSP) team recently hosted a cybersecurity exercise to train their dedicated Navy Reserve unit in defensive cyber operations.

More than 50 reserve Sailors from the Naval Information Warfare Systems Command (NAVWAR) Reserve Program Cybersecurity Pillar participated in GIBSON CASTLE 23, a four-day exercise that focused on operational and tactical strategies these cybersecurity analysts would use during a real-world cybersecurity breach of a CSSP customer’s network.

“The Sailors were exposed to real world demands and what the CSSP clients need in order to remain operational through major impacts or disruptions to their networks as a result of such an incident,” said Cmdr. Ryan Mayer, NAVWAR Cybersecurity Pillar training and readiness officer.

The Reservists learned how to respond to an incident on three levels of control: strategic, operational and tactical.

At the strategic level, the Reservists learned how to conduct coordination among different government agencies and stakeholders during a cyber incident, including how to report, when to report, what to report and whom to report to.

At the operational level, the Reservists learned how to conduct cyber operations, which requires understanding the tools available to them to perform the mission, what those tools can tell them, how they can employ the tools to gather data and what can be inferred from the data.

At the tactical level, the Reservists learned about cyber detections and warnings and what they mean, how to parse through data and identify indicators of compromise, critical aspects related to an ongoing cyber event, how to think like an adversary and how to operate within a system’s cyber terrain.

The exercise also provided the Reservists opportunities to get defensive cyber operations (DCO) specific training and CSSP familiarization.

“This exercise was a pivotal point in future-proofing the partnership between NAVWAR Cybersecurity Pillar and the NIWC Atlantic CSSP,” said Cecilia Dallier, CSSP director. “We are so excited for the opportunities that exist with such impressive support behind us.”

The NIWC Atlantic CSSP team provides cyber threat intelligence, cyber hunt and threat analysis, insider threat detection and reporting, attack sensing and warning, incident response and continuous monitoring and reporting for multiple Navy and Department of Defense networks and assets for which NIWC Atlantic provides U.S. Cyber Command-accredited and Joint Force Headquarters-DOD Information Network-directed CSSP services.

The NAVWAR Reserve Program was reorganized in 2022 to better align Reserve Sailors to the mission and needs of NAVWAR. In doing so, pillars of operational support were established in the areas of space, information warfare, unmanned systems and cybersecurity.

The Cybersecurity Pillar consists of three geographically separated units in Norfolk, Virginia (Cyber East); Austin, Texas (Cyber Mid); and Seattle, Washington (Cyber West),

“For the past year, the Cybersecurity Pillar has been hard at work getting a training pipeline developed to provide fully trained cyber analysts to augment the CSSP in accomplishing its DCO mission,” Mayer said.

During that time, Cyber East was directed to relocate from Norfolk to NIWC Atlantic’s headquarters in Charleston to better support and more fully integrate into NIWC Atlantic’s CSSP.

To date, four Sailors have been qualified to provide CSSP Operations watch support. With their training pipeline baselined and future events with NIWC’s CSSP in Charleston, the Cybersecurity Pillar has set the goal of having all Sailors qualified by the end of fiscal year 2024.

“Overall, we wanted to see how well we could flex and provide relevant, ‘just in time’ support to the CSSP,” Mayer said. “We met that goal and all of our training objectives. We still have a long road ahead but the exercise was a huge success.”

GIBSON CASTLE 23 was the first "large scale" exercise in a planned series of exercises that will take place twice a year, with the next one slated for spring 2024.