Relevant links are at the bottom of this post.
NATIONAL HARBOR, Md. (AFNS) — Cyber resiliency and hardening are more important now than ever and the Air Force Materiel Command commander made that point as she addressed a crowd at the Air Force Association Air, Space and Cyber conference here Sept. 21.
Gen. Ellen M. Pawlikowski, the AFMC commander, showed the crowd a scene from “Interstellar” where a family was able to hack in and take control of a government remotely piloted aircraft — something Pawlikowski said is a real possibility, and could have serious consequences if adversaries are the ones who are able to hack and take command and control of Air Force weapons systems.
Several years ago, the Defense Department put together a cyber strategy that called for services to develop plans to increase cyber resiliency of weapons systems. Led by the Air Force Life Cycle Management Center, AFMC and Air Force Space Command teamed up to form the Cyber Resiliency Steering Group.
“The focus of this group was to take a look and understand first of all what was the threat and what … should we do in order to ensure that our weapons systems were secure from this cyber threat,” Pawlikowski said.
According to Pawlikowski, the group took a systematic approach to identify the root problems of cyber vulnerabilities.
So, the group formed the Air Force Cyber Campaign Plan which includes seven lines of attack, or LOA.
Mission thread analysis
Pawlikowski said for the first LOA, “We want to be able to ‘bake in’ cyber security from the beginning … with our weapons systems.”
She said the key of the first step is to address cyber security as early as possible in the life cycle of a process, weapons system or mission.
Developing cyber resiliency tools
Pawlikowski said it comes down to risk assessment and ensuring Airmen are asking the right questions during each stage of the life cycle of a weapons system.
A big part of preparation means ensuring the right type of cyber testing is being done, she said.
Developing cyber expertise
She said the third LOA means the Air Force needs to ensure Airmen at all levels are being educated on how to remain cyber resilient.
In order to educate the workforce, the general called for training programs, classes and incorporating cyber training into different professional military education programs. It won’t mean more computer-based training, but would ensure Airmen have a full understanding.
But this will also incorporate stages from the first LOA, which will require the bake-in method, meaning cyber operators and those responsible for cyber defense will be top priority in receiving training and education.
Making weapons systems capable of cyber resiliency
The general said the fourth LOA is about introducing improvements into weapons system to have the ability to adapt them to be agile when being responsive to a threat.
“A cyber threat moves fast and we have to be able to respond quickly. We can’t take 10 years to change out the … precision navigation and timing equipment in an airplane if there’s a cyber threat that has been able to negate our ability to use GPS,” she said.
Pawlikowski also said that this all needs to be done at a rapid pace while still being low cost.
Feeding right off of LOA four, LOA five means Airmen need to adapt and be agile but in a secure way.
“One of the things the team identified right away is that we are all over the map in understanding the security environment we need to deal with in a cyber environment,” she said.
The general said it means everyone being on the same page when engaging in cyber systems, having a common understanding, language, process and more.
Using, protecting current resources to advance
With weapons systems that were developed long before the thought of cyberattacks were really an issue, there has to be a way to ensure legacy systems are being protected while still being used.
Pawlikowski said the Air Force Research Laboratory is working hard to develop tools that will be able to battle a combination of threats.
“We need to have cyber intelligence as part of this solution, we need to understand where the threats (are going to) be (and) we have to be able to project what we might see,” the general said.
She said that means getting the right analysis and tools in place in order to get the information Airmen need in order to defend what we have.
“None of this is rocket science, none of it is ‘Oh my gosh, we need a new technology, … where are we going to have that next breakthrough thing,’” Pawlikowski said. “This is all just plain hard work. This is all just digging in, … using the tools that we have and putting the focus on it, so that’s what we’ve done with our cyber campaign plan.”