11/19/2014 – HANSCOM AIR FORCE BASE, Mass. — “Cyber is a domain – like air and space. Manmade, constantly changing, which spans across all other domains.”
These were the words of the Secretary of the Air Force’s Cyberspace Strategy and Policy director Brig. Gen. Sarah Zabel, as she took center stage during an Association of Old Crows cyber summit in Bedford, Mass., Nov. 13.
Zabel, along with Hanscom’s two program executive officers and various other subject matter experts, addressed a crowd of more than 100 industry, academic and military attendees, who converged to discuss the latest and greatest in cyber technology and warfare.
The Air Force has approximately 2,000 people that make up its offensive and defensive cyber mission forces, but like the summit’s diverse audience, it takes the collaboration of many organizations to operate successfully on this battlefield.
“We can not deliver anything without industry,” said Battle Management PEO Steven Wert, as he emphasized the importance of partnership and also alluded to a whole government approach to cyber.
Wert began his address by delivering some alarming statistics and focusing on existing and emerging threats. Citing a recent internet security threat report for 2013, there has been a 91 percent increase in targeted attack campaigns, 62 percent rise in the number of breaches, one in 392 emails contain phishing attempts and 38 percent of mobile users have experienced cybercrime.
The numbers are staggering and “all of these represent vulnerabilities to our programs,” Wert said. “Fortunately, we don’t have very many single points of failure.”
In an effort to improve Air Force security measures, an inner and outer layered security approach is used to mitigate threats. The outer layers range from building security all the way to a server, while inner layers range from antivirus software all the way to a computer.
As another safeguard, the Air Force implemented includes a command cyber readiness inspection. Conducted by the Defense Information Systems Agency, an inspection team assesses a base’s network infrastructure, domain configuration and policy, internal vulnerability scan, wireless security and physical security means.
“The threat spectrum is out there,” Zabel said. “Our response has to be more capable and more serious [than it is now].”
The director also emphasized the Service is taking a hard look at information dominance.
There are four main goals associated with information dominance. First, provide trusted information to Airmen. Second, organize, train and educate Airmen.
“Education has to happen at all levels and Airmen need to understand the cyber mission,” Zabel said.
Third, strengthen information assurance; acquisition requirements must be defined to include cyber – from test and evaluation all the way to sustainment. Lastly, optimize planning and execution of investments, such as the Air Force’s cyber weapon systems.
There are seven cyber weapon systems and all are managed by the Command, Control, Communications, Intelligence and Networks Directorate at Hanscom; three of the programs reside on base.
Capable of both offensive and defensive measures, the systems are designed to operate the AF Information Network; defend the network, key mission systems and specific nets; and actively engage adversaries.
“We expect to see more systems designated as weapons in the future,” said Maj. Gen. Craig Olson, C3I and Networks PEO.
While it is Air Force Space Command’s 24th AF’s role to operate the systems, the C3I and Networks Directorate at Hanscom is responsible for acquiring and sustaining these systems. Together, they are able to ensure forces are properly equipped to conduct cyber operations.
Referring to the ever-evolving nature of cyber challenges, the general compared today’s environment to a “cyber arms race.”
“However, we [the AF Life Cycle Management Center] are postured to provide technology solutions at the ‘speed of need,'” Olson said.
Another theme that emerged during the summit was cyber resiliency.
Cyber resiliency is “our ability to still accomplish the mission despite cyber-attacks,” Olson said. “It is becoming more critical as we look at future conflict,” Olson said.
Wrapping up the summit, a panel of speakers from Google, Akamai Technologies, Massachusetts Open Cloud, Disruptive Technologies Corp. and moderated by Dr. Tim Rudolph, LCMC chief technology officer, addressed the challenges and opportunities associated with cloud computing.
According to Dr. Joe Besselman, Disruptive Technologies Corp., getting to cloud is going to require a “huge culture change,” and program managers can’t change culture; leaders have to change culture.
The two-day cyber meeting concluded after the discussion, leaving all parties with a better understanding of the military’s, industry’s and government’s current perspective on cyberspace and the direction it’s headed.