DoD's Premier Cyber Training Platform and Its Evolution
The Persistent Cyber Training Environment has transformed from a prototype concept in 2015 into the Department of Defense's primary cyber training platform, now supporting over 10,000 users across all military services through a $957 million contract managed by Cole Engineering Services. This distributed, cloud-based system enables the Cyber Mission Force to train globally from any location, supporting everything from individual skill development to large-scale multinational exercises involving 18+ nations. The program represents a fundamental shift in military cyber training—replacing fragmented, service-specific systems with a unified joint platform that provides realistic mission rehearsal capabilities against sophisticated nation-state threats.
The PCTE journey began in 2015 when U.S. Cyber Command recognized that cyber warriors lacked a centralized training facility comparable to the Army's National Training Center at Fort Irwin. By 2024, PCTE has evolved through eight major versions, supports 4,500 concurrent users managing nearly 100,000 virtual machines, and is projected to triple capacity by 2026. Managed by Army PEO STRI on behalf of the joint force, PCTE has become a cornerstone of the Joint Cyber Warfighting Architecture, directly feeding readiness data to operational command systems while enabling teams to rehearse missions in realistic replicas of adversary networks.
PCTE program fundamentals and strategic role
The Persistent Cyber Training Environment serves as the Department of Defense's distributed online training platform enabling Cyber Mission Force personnel to train remotely from anywhere worldwide. Created to address a critical gap in cyber training infrastructure, PCTE provides the foundation for individual sustainment training, team certification, mission rehearsal, and collective training exercises across all classification levels—from unclassified through top secret.
Before PCTE's introduction, the DoD relied on loosely affiliated virtual environments lacking automation necessary for persistent, scalable training. Each military service developed independent training models with minimal synchronization and no overarching joint perspective. Traditional cyber training required physical presence at specific locations, limiting accessibility and increasing costs, while acquisition timelines meant waiting months or years to develop training scenarios—unacceptable in the fast-paced cyber domain.
PCTE fundamentally changed this paradigm by providing a relevant, configurable, and real-time virtual environment that emulates operational network environments with realistic scope, scalability, and fidelity driven by training objectives. The platform enables "train as they fight" scenarios where teams can practice operations in realistic instances of threat environments, encounter unexpected circumstances, and refine responses before real crises unfold. The development timeline demonstrates remarkable agility: PCTE progressed from program inception in 2015 to first operational use during Cyber Flag exercise in June 2020, with Version 7 operational by 2024 and Version 8 approved for release.
The platform's strategic importance extends beyond training. PCTE supports U.S. Cyber Command's strategy of persistent engagement and defending forward by ensuring all 133+ Cyber Mission Force teams maintain proficiency whether conducting real-world missions or training. Mike Hudson, USCYBERCOM's Deputy for Training and Exercise, emphasized in May 2024 that "PCTE is our training environment for the joint force and it helps us stay ahead of the curve and anticipate these threats. The agile training environment enables flexibility, rapid adaptation of new techniques." The platform integrates the latest cyber tools, tactics, and adversary simulations—including People's Republic of China, Russian Federation, and Iranian threat actors—ensuring forces train against the most up-to-date scenarios across all classification levels.
PCTE serves as one of five elements within the Joint Cyber Warfighting Architecture, integrating with Joint Cyber Command and Control (JCC2) to provide real-time readiness data directly from training activities. This integration makes PCTE not just a training system but an operational capability that informs commander decision-making. The platform currently supports up to 4,500 concurrent users and manages nearly 100,000 virtual machines with four petabytes of content, with projections to scale to 30,000 concurrent users, 300,000 virtual machines, and 12 petabytes by 2026.
Primary users span all military service components: Army (41 CMF teams), Navy (40 teams through Fleet Cyber Command), Air Force (39 teams), Marine Corps (13 teams), plus Coast Guard, Air National Guard, and Air Force Reserve. International partners include Australia (first foreign partner receiving PCTE delivery in October 2022), with Canada and United Kingdom in partnership discussions. Geographic and functional combatant commands increasingly request access, with U.S. Transportation Command noted as a "critical, critical user." The platform has supported major exercises including Cyber Flag (USCYBERCOM's premier annual multinational training event), Cyber Shield (525+ personnel from 18 nations), and Cyber Anvil joint force training events.
From prototype to prime contract: acquisition timeline and evolution
The PCTE contract history reveals a deliberate evolution from agile prototyping through multiple small awards to a consolidated prime contractor model, demonstrating the Army's innovative acquisition approach for rapidly-evolving cyber capabilities.
November 2016 marked the formal beginning when Army Cyber Command launched the first Cyber Innovation Challenge focused on PCTE, using Other Transaction Authority through the Consortium for Command, Control and Communications in Cyberspace. At this time, only 30 of 41 Army cyber mission teams were at full operational capability, and Secretary of Defense James Mattis specifically highlighted PCTE in April 2018 Senate testimony, underscoring its strategic importance.
By April-May 2018, four companies received the initial prototype awards: ManTech International, SimSpace, Metova, and Circadence. These contractors delivered capabilities by July 2018, enabling first training in August 2018 and larger-scale exercises by January 2019. This prototype phase continued through five Cyber Innovation Challenges (CICs #1-5) spanning 2018-2020, with each challenge targeting specific capability gaps—knowledge management systems, micro-cloud management, assessment planning, and traffic generation. CIC #4, posted May 2020, drew 78 companies to its industry day, with 25% new to PCTE, demonstrating growing industry interest.
The Army released the draft Request for Proposals for Cyber TRIDENT on March 10, 2020, with solicitation number W900KK-20-R-0001 and an estimated value of up to $957.7 million. The final RFP followed June 11, 2020, with proposals due August 6, 2020. Five bids were received, with major competitors including a Raytheon Technologies team (partnered with Red Hat and VMware) and a ManTech/General Dynamics team. Despite the prototype phase involvement of SimSpace, ManTech, Metova, and Circadence, none of these companies won the prime contract.
On December 2, 2021, Cole Engineering Services, Inc. (CESI), a By Light Company, won the Cyber TRIDENT contract—an Indefinite Delivery/Indefinite Quantity, firm-fixed-price contract worth $957.7 million running through November 29, 2029. This award represented a significant shift from the prototype's multi-vendor approach to centralized program management. Cole Engineering had supported PCTE prototyping activities since 2018, providing continuity, and brought modeling and simulation expertise along with their Coalesce Framework for holistic Agile DevSecOps capability.
The contract scope encompasses management, integration, maintenance, and evolution of the PCTE platform, including platform architecture and product management, agile development and delivery systems engineering, DevSecOps operations, hardware and software infrastructure management, user event support, help desk support (on-site and remote), and Integration Factory operations. No protests were identified in GAO records, and the award proceeded without legal challenges—unusual for a program of this magnitude.
The acquisition strategy deliberately leveraged OTA to rapidly develop and field capabilities while reducing risk during the prototype phase (2016-2020), then transitioned to a traditional IDIQ structure for long-term program management and sustainment (2021-present). This approach allowed the Army to refine requirements through operational use before committing to a large-scale contract, while enabling participation by small, non-traditional defense contractors during the innovation phase.
Current contractors and program structure as of 2025
The PCTE ecosystem operates under a dual-prime structure with Cole Engineering Services managing the technical platform while Ultimate Knowledge Institute serves as the prime training and assessment provider—an unusual arrangement that separates infrastructure from content delivery.
Cole Engineering Services, Inc. (CESI) holds the primary Cyber TRIDENT contract and operates what they describe as "the largest cyber range in the world." The company opened a new facility in Hanover, Maryland in August 2023 near Fort Meade to support National Capital Region operations, complementing existing locations in Orlando (DevOps Center), Fort Gordon, and other sites. CESI's responsibilities encompass overall platform management, integration, maintenance, infrastructure development, and the Integration Factory that enables third-party vendor capability insertion. They implement the VMware Cloud Foundation backbone and manage the agile DevSecOps processes that enable rapid capability delivery.
Ultimate Knowledge Institute (UKI), founded in 1999 and based in Scottsdale, Arizona, serves as the prime training and assessment provider for PCTE. UKI operates the OpenDash360™ Platform, which functions as a training aggregator connecting multiple elite training vendors into a unified interface for PCTE users. Through this platform, UKI provides PCTE-ready training content, cyber certification courses aligned with DoD 8570/8140 and NIST/NICE Framework requirements, and custom cyber content development covering technical competencies. In May 2024, UKI announced a partnership with Immersive Labs to provide hands-on red team and blue team cyber exercises integrated through OpenDash360™. Other training vendors integrated through UKI include Hack The Box, CompTIA, EC-Council, ISC2, Microsoft, OffSec, ISACA, Mandiant, Amazon, Antisyphon, CertNexus, and PMI. UKI also partners with ManTech for EMF 360 Learning Management System capabilities.
Major technology partners provide the infrastructure foundation. VMware (now Broadcom) supplies VMware Cloud Foundation as the core private cloud platform, along with Cloud Director for multi-tenancy environment management, Tanzu Kubernetes Grid for containerized applications, and related virtualization infrastructure since 2017. NetApp provides all-flash storage and data management through their ONTAP platform. F5 Networks supplies application delivery networking, load balancing, and traffic management. Red Hat contributes OpenShift Container Platform for container orchestration and management.
The contractual relationship between CESI and UKI is not entirely clear from public sources—they appear to operate under separate arrangements rather than a traditional prime-subcontractor relationship, creating a multi-vendor ecosystem approach. This structure allows CESI to focus on platform engineering and infrastructure while UKI specializes in training content aggregation and delivery.
Regarding Arbitr Solutions: Despite extensive research across contract databases, defense industry publications, and company records, no documentation could be found of a company specifically named "Arbitr Solutions" with involvement in PCTE or as a UKI subcontractor. Two similar entities exist—Arbitr Security/Arbitr Training (a cyber training company offering certifications) and Arbit Cyber Defence Systems (specializing in cross-domain solutions)—but neither shows documented PCTE involvement. This company may be a smaller subcontractor with limited public documentation, or there may be confusion with similar company names. It's also possible the company operates under a different legal name or has been acquired.
The fate of prototype-phase contractors reveals an interesting dynamic. SimSpace, ManTech, Metova, and Circadence all contributed significantly during 2018-2021 through Cyber Innovation Challenges, but whether they continue as CESI subcontractors or transitioned out remains unclear from public sources. SimSpace continues as a commercial cyber range provider serving government, financial services, and critical infrastructure sectors. ManTech partnered with General Dynamics to compete for Cyber TRIDENT but lost to CESI. The current arrangement suggests CESI likely integrated some capabilities from these prototype contractors while establishing its own platform management approach.
Recent contract activity shows no major contract modifications publicly reported in 2024-2025, indicating program stability. The contract appears to be running according to the original 2021 award structure through 2029, with incremental capability additions following the agile DevSecOps methodology. Budget documents show the Cyber Training Environment Program Element receiving $158.345 million in FY2025 (a 37.7% increase from FY2024's $114.980 million), with total funding of $690.621 million projected through FY2029.
PEO STRI's organizational role and cyber training portfolio
The Program Executive Office for Simulation, Training and Instrumentation operates as a major Army acquisition organization headquartered in Orlando, Florida, with approximately 1,200 employees (military, civilian, and contractors) managing 260+ active programs with annual budget authority of roughly $2.6 billion. While PEO STRI's mission spans all simulation, training, testing, and modeling solutions for the Army, its role in managing PCTE on behalf of U.S. Cyber Command has elevated it to a critical position in joint cyber operations.
Brigadier General Christine A. Beeler assumed command as Program Executive Officer on July 23, 2024, becoming the first female PEO STRI leader after serving as Commanding General of U.S. Army Contracting Command. The PEO STRI organizational structure includes six major project offices, with Project Manager Cyber, Test and Training (PM CT2) holding responsibility for PCTE and advanced technical cyber training capabilities. As of March 2025, Colonel Natashia L. Coleman serves as PM CT2, with Christina Bell as Deputy Project Manager, Benjamin Pryor as Product Manager for Cyber Resiliency and Training (the office directly managing PCTE), Kyle Platt directing the Instrumentation Management Office, and Bradley Horton directing the Threat Systems Management Office.
PEO STRI manages PCTE through an agile acquisition approach using Other Transaction Authority contracts and rapid prototyping. The office coordinates with partner organizations including Naval Information Warfare Center Atlantic in Charleston, Johns Hopkins University Applied Physics Laboratory in Laurel, and University of Central Florida in Orlando. According to PEO STRI briefing materials, "In FY27, PdM CRT and PCTE will realign under U.S. Cyber Command and integrate with the Joint Cyber Warfighting Architecture Program Management Office," signifying the program's maturation and transition from Army-led development to joint operational control.
Beyond PCTE, PEO STRI manages a comprehensive cyber-related portfolio valued at approximately $300-400 million annually or $1+ billion over five years. The Intelligence Electronic Warfare Tactical Proficiency Trainer (IEWTPT) represents one of PM CT2's modernization priorities, supporting multi-domain operations training and integrated with the MDO test bed at Fort Huachuca, Arizona. The Threat Systems Management Office operates multiple programs including Aerial Target Systems (ATS-3), Red Threat UAS support, threat-representative Unmanned Aerial Systems (Groups 1-5), subsonic targets for Counter-UAS training, Opposing Forces Mechanized Vehicle Replication, and Threat-Integrated Air Defense Systems. The upcoming Aerial Target Flight Services V contract carries an estimated value of $497 million with RFP release planned for 1QFY26.
The Test & Evaluation Science & Technology Program, sponsored by OSD Test Resource Management Center with approximately $100 million annual funding, manages 50-70 active projects ranging from $2-50 million over 2-5 years. Portfolio technology areas include Autonomy & Artificial Intelligence, C4 and Software Intensive Systems, Cyberspace Systems (with Army as Lead Service for Directed Energy, Electronic Warfare, and Nuclear Environment Test), Hypersonic and High-Speed Systems, Space Systems Resiliency, and Warfighter Cognitive/Physical Performance.
Test Enterprise Network Modernization (TENM), valued at $400 million, will modernize network infrastructure across ATEC Developmental Test Centers and Operational Test locations through Test Network Modernization, ATEC Fiber Modernization, and Future Wireless Network components, with RFP targeted for 1QFY26 and award in 2QFY26. The Integrated Cyber Operations Network Control Center (ICON C2) in downtown Orlando achieved Initial Operational Capability in Fall 2021, operating as a 24/7 operations center integrating PEO STRI portfolio programs and systems with centralized management platform delivering assured networks, services, and configurations.
PEO STRI's relationship to Army Cyber Command and other cyber organizations is multifaceted. U.S. Cyber Command serves as the primary customer for PCTE, with PEO STRI providing operations support for USCYBERCOM exercises like Cyber Flag. Army Cyber Command collaborates on PCTE requirements and cyber training initiatives, with historical partnership dating to 2016 when Deputy Commander Ron Pontius stated "The PCTE is critical to achieving full cyber readiness." Training and Doctrine Command's Cyber Center of Excellence at Fort Gordon works with PEO STRI to define cyber training requirements and provides operational feedback during PCTE development and testing.
A significant organizational development occurred in October 2023 when PEO Intelligence, Electronic Warfare & Sensors gained responsibility for "all cyber operations" in a broader Army PEO restructuring. Despite this change, PCTE remains with PEO STRI under PM CT2 until the planned FY27 transition to USCYBERCOM, reflecting the program's unique position as a joint training capability rather than a service-specific operational system.
USCYBERCOM's training strategy and workforce development
U.S. Cyber Command has developed a comprehensive approach to cyber training and readiness that emphasizes persistent engagement, defending forward, and creating enduring advantages through strategic investments in people, training infrastructure, and capabilities. The 2023 DOD Cyber Strategy establishes "Build Enduring Advantages in Cyberspace" as a core line of effort, explicitly prioritizing investment in the cyber workforce as "our most important cyber capability."
General Timothy Haugh articulated USCYBERCOM's approach in 2024 Congressional testimony around three priorities: people ("we win with people"—hiring and retaining the right talent), readiness (creating advantage through training systems that ingest data directly from Defense Readiness and Reporting System), and partnerships (amplifying effectiveness through government, industry, academia, and foreign collaboration). This philosophy manifests in a four-phase training model: Phase 1 basic training (service-specific initial military training), Phase 2 foundational training (joint, standardized CMF-specific training managed by Joint Cyberspace Training and Certification Standards), Phase 3 collective training (team-level training and certification evaluated through exercises like Cyber Flag, Cyber Guard, and Cyber Knight with teams recertifying every 2 years or every 12 months for highest readiness rating), and Phase 4 sustainment training (continuous training to maintain skills through ongoing exercises and mission rehearsals).
The Joint Cyberspace Training and Certification Standards (JCT&CS), most recently revised February 2018, creates standardized procedures, guidelines, and standards for individual and collective training applied uniformly across all military services and active/reserve status. Readiness metrics per December 2017 Standard Operating Procedures measure personnel trained to job qualification standards, successful completion of supporting tasks during training exercises/operations, and time between formal evaluations (12-month cycle for highest rating). The force has grown from the first wave of 133 teams (approximately 6,200 military, civilian, and contractor personnel when fully staffed) to include a second wave of 21 Army Reserve component Cyber Protection Teams (800+ personnel reaching Full Operational Capability by September 2024), with an additional 14 new teams planned over the next five years.
PCTE serves as USCYBERCOM's primary tool for executing this training strategy, described by Deputy for Training and Exercise Mike Hudson as "our training environment for the joint force." The platform supports individual sustainment training, team certification, mission rehearsal, and serves as the foundation for collective training exercises, operating from unclassified to top secret levels across all three classification levels. Recent PCTE enhancements specifically address near-peer adversary preparation, with Version 7/8 incorporating increased complexity including adversary tactics from PRC, Russia, and Iran; multi-domain scenario integration; live adversary simulations using actual malware and tactics; and advanced threat scenarios including zero-day exploits, AI-driven attacks, ransomware, social engineering, and exploitation of IoT devices.
Hudson emphasized PCTE's strategic importance in May 2024: "The agile training environment enables flexibility, rapid adaptation of new techniques. PCTE has the capacity to integrate the latest cyber tools, tactics, adversary simulations, ensuring our forces train against the most up-to-date scenarios across all three classification levels. This adaptability is critical. Our adversaries are constantly innovating. Yesterday's defenses are tomorrow's vulnerabilities." The mission rehearsal capability represents one of the most critical aspects—allowing teams to practice operations in realistic instances of threat environments, encounter unexpected circumstances, and refine responses before real crises unfold, training against most up-to-date adversary techniques.
USCYBERCOM's CYBERCOM 2.0 initiative outlines a bold set of options for the future of USCYBERCOM and DoD cyber forces around three key focus areas: talent management (prioritizing assignments related to Secretary's priorities, rewarding force elements improving proficiency, incentivizing mastery), training (more focused training and development to enhance force mastery, taking operators "to mastery" rather than just basic competency), and technical capabilities (leveraging existing development domains with appropriate authorities and requiring right talent capacity).
The DoD Cyber Workforce Strategy 2023-2027 establishes four pillars: identification (consistent capability assessment and analysis processes), recruitment (enterprise-wide talent management program), development (cultural shift to optimize personnel management), and retention (collaboration and partnerships for capability development). USCYBERCOM uses special hiring authorities under 10 U.S.C. 4092 to attract top technical talent, maximizes DoD Cyber Excepted Service authority to streamline civilian hiring (accelerated hiring actions filled 250+ vacancies across the command), grows uniformed cyber leaders at all levels, and leverages National Guard and Reserve expertise with Reserve Component members integrated into daily operations.
The Academic Engagement Network encompasses 120+ institutions through Cooperative Research and Development Agreements and Education Partnership Agreements. The first EPA was signed with Norwich University in November 2023, followed by EPA and CRADA with University of Missouri-Kansas City in January 2024, bringing fresh ideas to mission challenges in areas lacking internal expertise. Industry partnerships through the UNDERADVISEMENT program enable voluntary collaboration with dozens of private partners, linking cybersecurity expertise across industry and government, leading to "dozens of operational successes to impose cost on our adversaries" through enhanced authority to share information with private sector IT and cybersecurity entities.
Training coordination across service components operates through a federated model where Service Cyber Components (all dual-hatted as Joint Force Headquarters-Cyber) maintain responsibility for training execution while USCYBERCOM retains standard-setting authority through JCT&CS. The CMF Training Transition Plan from January 2017 transitioned Phase 2 foundational training from CYBERCOM to services beginning October 2018, with services assigned joint curriculum lead roles for specific work role categories (Army leads cyber planner courses and analyst courses; Navy leads four designated courses validated iteratively FY2019-2021; Air Force leads specific curriculum areas; CYBERCOM retains operator training with planned future transition to a service).
The most transformational change came with Enhanced Budgetary Control starting FY2024, giving USCYBERCOM direct control over $2+ billion in DoD budget authorities with responsibility for planning, programming, budgeting, and execution of CMF resources—previously managed by individual services. This change facilitates faster capability development and fielding, fundamentally altering "the dynamic" of the readiness approach that relied on services to train and organize personnel. FY2025 budget includes Operations and Maintenance of $332.6 million for headquarters, Procurement of $129 million, Research, Development, Test and Evaluation of $1.1 billion, with total DOD cyberspace activities at $13.5 billion.
USCYBERCOM's Artificial Intelligence roadmap finalized September 2023 per FY23 NDAA requirement focuses on five years across three areas: delivering AI capabilities for all cyberspace mission sets, countering AI threats and exploiting emerging opportunities, and enabling AI adoption. Gen. Haugh emphasized: "In an environment transformed by Artificial Intelligence and big data, operational and strategic advantage will accrue to the side that achieves and sustains superiority in collecting and ingesting data, building models and algorithms, and deploying and updating them at-speed and scale—while also denying the same to adversaries." AI training applications include automated data analytics, autonomous opposing forces in training scenarios, enhanced cyber forensics, network automation and restoration capabilities, and integration across PCTE for realistic adversary behavior.
Service cyber components and their distinct training approaches
All four military service branches participate in building and sustaining the Cyber Mission Force while maintaining unique training institutions and approaches reflecting their operational environments and organizational cultures. While all services use PCTE for joint CMF training and follow Joint Cyberspace Training and Certification Standards, each has developed service-specific training programs, facilities, and workforce development strategies.
Army Cyber Command, headquartered at Fort Gordon, Georgia, leads both the largest CMF contribution (41 teams) and manages PCTE development on behalf of the joint force. The Cyber Center of Excellence at Fort Gordon provides training to Army and Joint standards through the U.S. Army Cyber School, with additional training sites at Fort Bragg, JBLM Washington, Fort McCoy Wisconsin, Camp Robinson Arkansas, and Fort Hood Texas. Army cyber training emphasizes an industrial-scale approach with rapid prototyping through Cyber Innovation Challenges, incorporating non-traditional defense companies. Mobile Training Teams provide DoD 8140 training at multiple locations, delivering resident courses covering CompTIA Security+, CISSP, and other certification training along with mandatory annual Cybersecurity Awareness Challenge. As of 2018, 30 of 41 Army CMF teams were at full operational capability. Training challenges include validating all Phase 2 foundational courses to CYBERCOM standards, balancing speed of training delivery with cost-effectiveness, and rapid technological change requiring frequent curriculum updates.
Navy Fleet Cyber Command/U.S. 10th Fleet, headquartered at Fort George G. Meade, Maryland, underwent major training reform during 2022-2024 to address readiness concerns. The Navy implemented a "Shift Training to the Left" strategy with the goal that sailors arrive at operational units fully trained rather than relying on on-the-job training. Two years ago, sailors arrived at CMF teams largely untrained, with manning levels below 80%, creating significant readiness issues. The Navy scaled back team building temporarily (2022-2023) to focus on manning and training existing teams, increasing manning to 90% target, and is now resuming expansion with improved readiness posture. The Navy created the Maritime Cyber Warfare Officer (MCWO) rating—a new dedicated military cyber role, making Navy the last service to establish a dedicated cyber rating. The target is approximately 300 officers focused on offensive and defensive cyberspace operations; as of 2023, 115 officers laterally transferred with 18 new accessions. Plans for 2024 include opening three new Information Warfare training centers with integration of approximately 24 systems into live-virtual-constructive training environments, emphasizing "point-of-presence training" to deliver training where sailors are stationed. Unique Navy challenges include electromagnetic spectrum authorities limiting ability to train with certain capabilities in U.S. territorial waters due to spectrum authorization restrictions, training scheduling with external dependencies on NSA and vendor class availability, and shipboard integration ensuring cyber readiness across 180+ ships with complex C4I systems. The Fleet Readiness Directorate delivered cyber baselines to 180 ships by FY2022, ensuring cyber-ready platforms before deployment.
Air Force 16th Air Force (Air Forces Cyber), reactivated October 2019 and headquartered at Joint Base San Antonio-Lackland, Texas, operates as an Information Warfare Numbered Air Force integrating ISR, cyber warfare, electronic warfare, and information operations. The Air Force emphasizes graduate-level education through the Air Force Institute of Technology Cyberspace Technical Center of Excellence at Wright-Patterson AFB, Ohio, designated as the Air Force's premier cyber training and education center and as an NSA/DHS Center of Academic Excellence in Cyber Research. CyTCoE programs include graduate school offering advanced degrees in computer engineering and computer science with cybersecurity specializations; School of Strategic Force Studies delivering Cyber Senior and Master Professional Rating Courses; School of Systems and Logistics offering short courses on analyzing/handling cyber threats to weapon systems; Advanced Cyber Education providing month-long immersive summer courses for Air Force Academy and ROTC cadets; and the Center for Cyberspace Research conducting graduate-level security and operations research. The U.S. Air Force Academy offers a Cyber Science major program preparing cadets for cyber operations careers. Maxwell-Gunter Air Force Base provides technical training for Cyberspace Operations Officers through a 9.5-week course covering computer systems fundamentals, operating systems, protocols, addressing, hardware, network operations, and security. The Air Force operates a Cyber Direct Commissioning Program recruiting civilian cyber experts directly as officers, with Constructive Service Credit awarding ranks from Lieutenant to Colonel based on education, work experience, and certifications. Air Force cyber forces manage Unified Platform and JCC2 programs on behalf of the joint force as part of JCWA. Training challenges include time frame issues (GAO identified Air Force lacks complete time frames for validating Phase 2 foundational training courses), rapid technology evolution requiring constant curriculum updates, integration complexity coordinating across information warfare disciplines, and cyber workforce retention ensuring adequate service obligations after expensive advanced training. In 2024, Air Force established advanced cyber partnership with Sweden Cyber Command for combined operations and information sharing.
Marine Corps Forces Cyberspace Command (MARFORCYBER), headquartered at Lasswell Hall, Fort George G. Meade, with subordinate elements including Marine Corps Cyber Operations Group, Marine Corps Cyber Warfare Group (800 total personnel), and Marine Corps Information Command (established October 2022), represents the smallest service cyber force but demonstrates rapid modernization. The Marine Corps Communications-Electronics School at Twentynine Palms, California manages Force Modernization Plan for cyber training across 19 major subordinate elements, 90 formal learning centers, and 618 programs of instruction training 102,000+ Marines and Sailors annually. In 2021, Marines created the Cyberspace Operations Field (17XX) with new Military Occupational Specialties: 1712 Interactive On-Net Operator (offensive cyber operations), 1713 Exploitation Analyst (develops exploits requiring advanced cyber analytical training), 1721 Cyberspace Warfare Operator (offensive/defensive operations familiar with all aspects of cyberspace maneuver), 1722 Host Analyst (digital forensics and host-based analysis), and 1723 Network Analyst (network traffic analysis and defense). The Force Modernization Plan transforms every 06XX Marine into a "networked Marine," professionalizing the communications/cyber force. Marines implemented a Lateral Entry Pilot Program in 2024 targeting civilians and former service members with cyber/SIGINT experience for direct enlistment up to E-7 Gunnery Sergeant rank, with 10-15 selectees initially. This 24-month pilot allows participants to skip basic training (for former Marines) and may skip qualification courses with appropriate credentials. Marine Corps cyber forces deployed to Okinawa, Japan in 2023 as the first cyber rotational force supporting USINDOPACOM. Training challenges include smaller force size (625 cyber NCOs compared to larger Army/Navy forces), new MOSs requiring development of training pipelines for recently created specialties, and GAO-identified lack of clear active-duty service obligations for advanced cyber training (specifically ION training). Marines participated in Cyber Flag 2022 and subsequent exercises using PCTE for CMF training alongside other services.
Joint training initiatives unify service approaches through major exercises and shared standards. Cyber Flag, USCYBERCOM's premier annual training exercise, supports 500-650+ personnel from all services, federal agencies, and 18+ partner nations over typically 1-2 weeks using closed networks simulating DoD and adversary networks. Recent iterations include Cyber Flag 20-2 (first major use of PCTE with 17 teams across 9 time zones with Five Eyes participation), Cyber Flag 21-1 (largest multinational cyber exercise with collective defense focus), Cyber Flag 22 (PCTE utilized, 9 countries, DreamPort facility), and Cyber Flag 24-1 (18 NATO allies and partners with critical infrastructure defense). Cyber Guard provides whole-of-nation defense exercises with simulated disaster scenarios involving federal, state, and private sector participation.
Common challenges across all services include training validation and standardization (services lack complete timeframes for validating Phase 2 foundational courses to CYBERCOM standards per GAO 2019), service obligation guidance (unclear active-duty service obligations after expensive advanced cyber training, particularly affecting Army and Marine Corps for ION training while Navy and Air Force require 3-year obligations), workforce data accuracy (particularly Navy with two different tracking systems with conflicting data creating artificially high vacancy rates), rapid technology evolution (training curricula quickly outdated requiring frequent updates), training capacity and throughput (limited capacity at training facilities and external providers like NSA, with Navy struggling with scheduling sequential training without gaps), and realistic training environments (need for high-fidelity training against live adversaries addressed by PCTE virtual adversary networks and Cyber Flag live OPFOR, though spectrum authorization limitations affect Navy specifically).
The PCTE technical platform architecture and how it works
PCTE operates as a sophisticated cloud-based training platform built on VMware Cloud Foundation, providing globally distributed access to realistic cyber training environments across all classification levels. The technical architecture eliminates single points of failure through dual-path networking and highly available components, while VMware Cloud Director organizes multiple virtual data centers on single physical infrastructure. The system employs VMware Tanzu Kubernetes Grid for containerized applications and implements VCF micro-segmentation tools and network firewalls for strict access controls preventing unauthorized cross-tenant interactions.
The platform's distributed system design features globally distributed Regional Compute and Storage nodes enabling on-demand, reliable, and secure virtual access from any geographic location. This architecture leverages DoD and commercial enterprise transport services across all classification levels—UNCLASSIFIED, SECRET/RELEASABLE, and TOP SECRET enclaves—supporting both physical and virtual connectivity for worldwide operations. As of 2024, the system supports up to 4,500 concurrent users, manages nearly 100,000 virtual machines, contains 4 petabytes of training content with over 10,000 registered user accounts, and operates across 9 different time zones globally.
Core training capabilities span four modes: individual training for self-paced modules and skill development, collective training for team-based exercises and certifications, mission rehearsal providing one-for-one replicas of real operational networks for pre-mission practice, and institutional training integrating schoolhouse and Joint Qualification Requirements training. The network emulation capability performs one-for-one replicas of real-world networks supporting IP-based systems, operational technology, and critical infrastructure scenarios. The platform can emulate SolarWinds-type incidents and other complex real-world attacks, with hardware-in-the-loop capability to connect external ranges for enhanced realism.
Scenario creation has been dramatically simplified through the "Rapid Range" feature—a user-friendly drag-and-drop interface with automated environment building tools. A Netflix-style content discovery and recommendation engine helps users find relevant training content, while shareable content across services reduces duplication. The platform maintains reusable training scenarios and emulated environments, with content libraries enabling rapid deployment of previously developed training.
PCTE has evolved through eight major versions demonstrating continuous improvement. Version 1 provided initial prototype capability (2019-2020), Version 2 delivered first operational capability (Q4 FY2020), Version 3 added feedback channels and network health snapshots (Spring 2021), Version 4 introduced the user-friendly discovery engine (January 2022), and Version 7 represents the current operational version (2024) with Version 8 approved for release (2024-2025). The system follows an agile DevSecOps methodology with releases twice per year minimum and continuous software deliveries between major versions, similar to mobile operating system updates. Rapid prototyping occurs through Cyber Innovation Challenges bringing innovative capabilities from non-traditional vendors.
Integration with Joint Cyber Warfighting Architecture positions PCTE as one of six components within the JCWA ecosystem alongside Unified Platform (data ingestion, analysis, and sharing hub), Joint Cyber Command and Control/JCC2 (commander decision support and force management), Joint Common Access Platform/JCAP (firing platform for cyber effects delivery), Sensors (data collection), and Tools (operational cyber capabilities). Integration benefits include seamless data feeds between systems with readiness data flowing to JCC2 via Project Ike, reduced logins across multiple systems, mission rehearsal capability using operational tools, and integration with Joint Development Environment for enhanced mission rehearsal.
Advanced features enable sophisticated training scenarios. Threat environment simulation includes zero-day exploits, AI-driven attacks, ransomware scenarios, social engineering tactics, advanced persistent threat emulation, and live malware and tactics from actual adversaries. Opposing force capabilities feature auto-opposing force applications for live adversary simulation, ability to train against realistic People's Republic of China, Russia, and Iran tactics, complex multi-actor scenarios (such as Russia engagement while defending against China), and adversary network infiltration, persistence, and survival techniques. Traffic generation provides realistic network traffic patterns, system administrator activity simulation, remote connection patterns, robust pattern-of-life simulation for large networks, and support for operations across friendly, gray, and adversarial network spaces.
The infrastructure relies on major technology partnerships. VMware/Broadcom provides VMware Cloud Foundation as the backbone private cloud platform along with Cloud Director, Tanzu, and related virtualization infrastructure since 2017. NetApp supplies all-flash storage and data management through their ONTAP platform. F5 Networks delivers application delivery networking, load balancing, and traffic management. Red Hat contributes OpenShift Container Platform for container orchestration and management. This multi-vendor technology stack enables the platform's scalability and reliability while avoiding vendor lock-in.
Ambitious expansion and next-generation capabilities through 2029
PCTE is positioned for substantial expansion and capability enhancement through the remainder of the Cyber TRIDENT contract, with aggressive growth targets, significant budget increases, and introduction of next-generation capabilities including artificial intelligence integration, multi-domain operations, and enhanced complexity in adversary simulation.
The growth projections are dramatic: within two years from 2024, PCTE will scale from 4,500 concurrent users to 30,000 concurrent users (567% increase), from 100,000 virtual machines to 300,000 virtual machines (200% increase), and from 4 petabytes to 12 petabytes of storage (200% increase). Infrastructure expansion plans include integration of scalable enterprise platforms for SECRET/RELEASABLE enclaves, TOP SECRET enclave expansion, continued UNCLASSIFIED platform expansion, enhanced Regional Compute and Storage capacity for mission rehearsal, and significant increase in schoolhouse training capacity.
Version releases follow an aggressive schedule: V8.0 in Q2 2024 (approved for release), V9.0 in Q4 2024, V10.0 in Q2 2025, V11.0 in Q4 2025, V12.0 in Q2 2026, and V13.0 in Q4 2026. Each version incorporates feedback from operational users and introduces new capabilities aligned with emerging threats and training requirements.
Budget allocations demonstrate strong commitment to continued development. The Cyber Training Environment Program Element shows FY2024 at $114.980 million, FY2025 at $158.345 million (37.7% increase), FY2026 at $126.987 million, FY2027 at $123.271 million, FY2028 at $139.613 million, and FY2029 at $142.405 million, for a total FY2025-2029 of $690.621 million. Investment areas include event management ($93.951M in FY2025), physical/virtual connectivity ($51.794M), environment operations and management ($10.190M), and test and evaluation ($2.410M).
Artificial intelligence and machine learning integration represents a major focus area for next-generation capabilities. AI/ML capabilities are being integrated to enhance platform operations with enhanced ability to simulate complex attack scenarios, real-time training process optimization, AI-driven opposing forces, and predictive analytics for training effectiveness. These capabilities align with USCYBERCOM's AI roadmap finalized September 2023, which emphasizes that "operational and strategic advantage will accrue to the side that achieves and sustains superiority in collecting and ingesting data, building models and algorithms, and deploying and updating them at-speed and scale."
Enhanced complexity and realism will characterize future training scenarios. Multi-domain scenario integration will incorporate cyber with space and electromagnetic spectrum effects, enabling cross-domain effects simulation and integration with other combatant command operations. Enhanced intelligence integration will present realistic intelligence layers, while more sophisticated adversary behaviors will simulate network infiltration, hiding, and survival tactics. Mike Hudson emphasized in May 2024: "The changes we make in the next couple of years really going to impact the future of how we do operations. We're thinking about how they're getting in the network, how they're hiding in the network, how they're surviving in the network and how do we find them? We're building that complexity in the PCTE today."
Advanced assessment capabilities will improve readiness reporting and evaluation. Planned enhancements include improved readiness reporting and assessment tools, standardized training assessment capabilities, automated performance metrics, integration with JCC2 for enterprise readiness visualization, and enhanced instructor course management. Automated environment building will reduce time to create training scenarios through automated network configuration, external content integration capabilities, and improved notifications and alerts functionality.
Emerging training requirements drive future development priorities. Multi-domain operations demand integration across cyber, kinetic, space, and electromagnetic domains with deconfliction training involving other combatant commanders, cross-theater scenario complexity, and visualization across all domains during collective training. Critical infrastructure defense requires enhanced operational technology training environments, critical infrastructure protection scenarios, non-traditional cyber environment defense, and industrial control systems emulation. Advanced threat scenarios will address nation-state APT emulation, supply chain attack scenarios, disinformation and influence operation integration, quantum computing threat preparation, and 5G and emerging technology vulnerabilities. Scalability for mass cyber operations must support Cyber National Mission Force ability to engage adversaries at scale, larger exercises like Cyber Shield with 525+ personnel from 18 nations, Hunt Forward Operations support, and expanded international partner integration.
International partnerships are expanding significantly. Australia holds a written agreement for PCTE acquisition with delivery completed October 2022 and is pushing for enhanced multi-domain integration. United Kingdom has a verbal agreement for PCTE adoption. Canada remains in active discussions for PCTE acquisition. New Zealand participates in exercises including Cyber Flag. The platform supports Cyber Flag annual multinational exercises (U.S., Australia, Canada, New Zealand, USPS) and Cyber Shield bringing together 525+ cyber personnel from 18 nations with networks comprising 1,200+ virtual devices.
Technical innovations planned include content distribution revolution eliminating physical DVD shipping, enabling synchronized global data-sharing, faster exercise preparation and deployment, and real-time content updates across all nodes. Cybersecurity enhancements feature persistent cyber operations testing by NSA-certified red teams, continuous cybersecurity-focused test activities, purple teaming exercises, enhanced resilience against advanced threats, and automated Authority to Operate capabilities for rapid system accreditation. DevSecOps maturity improvements implement Infrastructure as Code, enhanced frameworks and tools, automated enforcement mechanisms, prototype and development of automated security controls, and centralized security and monitoring for multi-cloud environments. Interoperability improvements enhance JCWA integration across all six components, mission-relevant terrain mapping integration, cyber wargaming concept development, and force design projections through modeling and simulation.
The Cyber TRIDENT contract structure enables technology insertion through multiple contracting vehicles including the primary integration contract, Other Transaction Authority for innovation, FAR-based contracts, and Cyber Innovation Challenges for non-traditional vendors. TRIDENT serves as the primary technology insertion vehicle accelerating capability inclusion closer to time of need and supporting rapid integration of DARPA Constellation and In-Q-Tel innovations through associates contractor agreements for seamless vendor integration.
Strategic challenges being addressed include need for greater complexity in training scenarios, requirement for persistent engagement capability, demand from multiple combatant commands (geographic and functional), balance between current operational needs and future vision, and integration complexity across service-led JCWA programs. Mitigation strategies employ agile "speed of cyber" development approach, modular system-on-chip architecture for flexibility, regular engineering and architecture review boards, continuous user feedback integration, and emphasis on reusability and content sharing.
Looking toward the "Next Generation JCWA" planning horizon, the Senate Armed Services Committee is requiring a plan for Next-Gen JCWA representing evolution from capability architecture to warfighting platform. This vision includes enhanced DevSecOps integration across all components, common development platform to reduce duplication, hardware stack consolidation, and improved overall security through reduced attack surface. The emerging cyber training paradigm shifts from reactive to proactive training with AI-enabled adaptive training scenarios, real-time threat intelligence integration, seamless multi-domain integration, enhanced international interoperability, and continuous rather than episodic training.
Synthesis and strategic outlook
The Persistent Cyber Training Environment has achieved what many large defense acquisition programs fail to accomplish—transitioning from concept to operational capability in under five years while continuously evolving to meet emerging threats. The program's success stems from deliberate acquisition strategy choices: using OTA and Cyber Innovation Challenges during prototyping to rapidly refine requirements, selecting a mid-size contractor (CESI) over defense giants for prime contract based on agility and technical merit, establishing a dual-prime structure separating infrastructure management from training content delivery, and maintaining an open architecture enabling third-party vendor integration rather than creating vendor lock.
PCTE's strategic importance extends beyond training. As one of six components within the Joint Cyber Warfighting Architecture, the platform provides real-time readiness data feeding operational command systems, enabling mission rehearsal in replicas of actual threat networks, supporting the transition from prototype to operational control under USCYBERCOM in FY27, and facilitating international cyber cooperation through Five Eyes partnerships and multinational exercises. The platform embodies USCYBERCOM's strategy of persistent engagement and defending forward by ensuring all 133+ Cyber Mission Force teams maintain proficiency against sophisticated nation-state threats from China, Russia, and Iran.
For someone with your background at SimSpace and Arbitr/UKI, several observations are particularly relevant. SimSpace contributed significantly during the 2018-2021 prototype phase through Cyber Innovation Challenges, providing order portal, content repository development, cyber range platform capabilities, and white cell exercise control—but did not win the prime contract when PCTE transitioned to the consolidated Cyber TRIDENT model. Ultimate Knowledge Institute has established itself as the prime training and assessment provider through the OpenDash360™ platform, functioning as a training aggregator connecting elite vendors including Immersive Labs and Hack The Box, though the exact contractual relationship between UKI and CESI (whether separate primes, prime-subcontractor, or parallel contracts) remains unclear from public sources.
Regarding Arbitr Solutions, extensive research across contract databases, defense trade publications, and industry sources found no documentation of a company by this specific name with PCTE involvement or as a UKI subcontractor. This could indicate the company operates under a different legal name, has been acquired, remains a small subcontractor with limited public documentation, or there may be name confusion with similar entities like Arbitr Security/Arbitr Training or Arbit Cyber Defence Systems.
The program now stands at an inflection point. With the Cyber TRIDENT contract running through 2029, stable budget growth projecting $690+ million through FY2029, aggressive scaling to triple capacity by 2026, and transition to USCYBERCOM operational control in FY27, PCTE is maturing from Army-led development project to joint operational capability. The technical roadmap emphasizes AI/ML integration for adaptive training, multi-domain operations scenarios, enhanced complexity in adversary simulation, and continued international partnership expansion—positioning PCTE as the foundation for joint cyber training through the next decade as adversaries integrate cyber effects with conventional operations and near-peer competition intensifies in the cyber domain.