The need to have our forces trained in defensive cyber practices and procedures is clear, a 2016 report by the Australian Centre for Cyber Security (ACCS) called for a "rapid catch-up in Australian capabilities for military security in the information age". How do we achieve this "rapid catch-up" required?
A recent examination of the US Army’s approach to cyber training spoke of a different approach they are currently taking that is having great results: the US Army Cyber Training School and its use of unclassified openstack platforms that were being implemented to train their forces, platforms that were easy to update and roll out to keep up with ever changing training needs. A smart initiative that has had great results. So how can we take this a step further? How do we ensure our operators of all corps/mustering ready to fight in this landscape?
- Deliver training from the start
To build the cyber reliance/self-defence of our forces applying the training at the base is key. Look at opportunities to insert this training at initial employment training across all corps and mustering. By introducing the key concepts at the start, we have the opportunity to have a workforce that is ready from the start.
- Treat cyber self-defence like a weapon system
Much like we focus on physical defence of our forces through the training and employment of the personal weapon systems, we should look at cyber self-defence in the same way. Teaching and testing the basic defensive cyber practices to ensure a level of security and reduction of vulnerabilities.
- Link cyber defence to readiness notice
Like all defence skills and qualifications, maintaining skill currency is key. Much like we require our forces to regularly demonstrate competence in skillsets to demonstrate their readiness to deploy on operations we should look at ways to incorporate cyber defence testing and certification.
- Instil a culture of cyber security across the workforce.
Start to send the message that it really is everybody's problem. A lot of the basic threats can be mitigated by simple actions and awareness of people – processes and technology can follow on from this.
Have any further thoughts on how we can achieve the "rapid catch-up" of cyber self defence across our forces? Are there examples where this has started? Tell us in the comments below.