Reorganization boosts Air Force ability to fly and fight in air, space and cyberspace.
Part of the U.S. Air Force’s computer network defense efforts involve 67th Network Warfare Wing airmen monitoring Internet activity from a center located at Lackland Air Force Base. The wing falls under the auspices of the newly created Air Force Network Operations Command (AFNETOPS), Barksdale Air Force Base.
Convergence is taking place in the military for more than voice, video and data these days. The U.S. Air Force’s new Network Operations Command and the redesignation of the 67th Information Operations Wing as the 67th Network Warfare Wing set into motion significant changes intended to improve network command and control and situational awareness as well as the synergy between network warfare disciplines. As the service implements the evolutionary strides of this reformation, information technology will become an even more integral part of a
Establishing the Air Force Network Operations Command (AFNETOPS) at Barksdale Air Force Base,
The decision to create AFNETOPS was the genesis for standardizing network operations tactics, techniques and procedures across the Air Force and driving out the “county option mentality.” And an assessment of the state of the service’s information technology portfolio quickly revealed that change was needed. The general notes that more than 17 entities in the service had their own network operations and security center (NOSC) or similar network operations center. This multiplicity resulted in significant time delays when new technologies were being implemented, and it complicated command oversight and policy compliance, he says.
Centralizing C2 of network management has become critically important for a number of reasons, the general relates, not the least of which is network defense. “We are under daily attack in cyberspace. It is imperative that we better organize ourselves to successfully fly and fight in cyberspace,” he states.
“Folks sometimes forget that we are at war both from the global war on terrorism standpoint and, I believe, we’re at war on a daily basis from a network standpoint. Non-peer adversaries and routine hackers and crackers are trying to penetrate our DOD [Defense Department] networks day in and day out. Some of them are doing it for fun, and some of them are doing it to do harm to our particular systems, which is very unfortunate. That was the crux behind why we established the AF Network Operations Command—to defend our networks,” he says.
The vulnerabilities that exist in the Air Force’s networks are the result of more than a decade of individual commands and bases acquiring individual technologies that met their own needs. Gen. Maluda credits now retired Maj. Gen. Dale W. Meyerrose, USAF, with changing this process by setting up the first NOSC at Langley Air Force Base in
But the benefits of unifying network C2 far exceed those of developing a better defensive posture. The network-centric warfare concept has proved its worth in current operations, and combining air power with networking power supports the evolution of the 8th Air Force from a global strike capability to a global effects force. Because 8th Air Force assets include bombers as well as intelligence, surveillance and reconnaissance airframes, networking will allow it to share comprehensive actionable information about the battlefield with warfighters through the Distributed Common Ground System.
Gen. Maluda explains that this is a significant capability because it builds the bridges between combatant commands. “It transcends the geographical AOR [area of responsibility]. It is global in nature because the enterprise is tied together in all those areas. We’re looking at the enterprise from a global perspective and not from a particular area. And when I say global effect, it also applies to our strategic bombers—our strategic airframes—because we’re able to deliver, from the continental U.S., a global effect anywhere in the world via the resources that we have at hand, including the tanker support that we get from Air Mobility Command,” he says.
From a service standpoint, a single networks overseer will help the Air Force address a challenge that all the armed forces are facing today: manpower realignments aimed at balancing the force. The command is working with all of the MAJCOMs to consolidate staff and resources to meet AFNETOPS requirements while simultaneously ensuring that the network continues to support each MAJCOM’s unique mission.
In addition to improving network defense and the effective employment of personnel, bringing network C2 under one umbrella will result in far-reaching advantages, Gen. Maluda points out. Air Force warfighters now have a single, unified, clear voice to advocate for their needs and interests in network warfare, network operations and network effects. “AFNETOPS also underpins the Air Force’s distinctive capabilities of precision engagement, information superiority, air and space superiority, global attack, rapid global mobility and agile combat support. This benefits not only the Air Force warfighter but also the joint warfighter,” he maintains.
In addition, joint warfighters now have a single face for interaction with the Air Force, he adds. If their GIG systems work with one set of Air Force components, they work with all of them. “If they need to get parts to work together, we now solve the problem once and are done, rather than once for each different function or AOR,” Gen. Maluda states.
While changes are in full swing at AFNETOPS, additional and even more intricate changes are occurring at the 67th Network Warfare Wing, Lackland Air Force Base,
Col. Kathryn L. Gauthier, USAF, explains that as the 67th Information Operations Wing, her organization handled a diverse range of tasks: from network defense to special operations to intelligence support. The colonel, who commanded the wing during the transition, was instrumental in helping shape the responsibilities of the redesignated 67th Network Warfare Wing and served as its commander briefly before moving to a position with the National Security Agency.
|Members of the 8th Air Force Network Operations Security Center (t), or AFNOSC, maintain situational awareness and thwart threats to Air Force networks. Personnel rely on information poured in from around the world and presented on large-screen displays located within the center (b). As part of the realignment of duties, command of the AFNOSC moved from 8th Air Force Detachment 1 to AFNETOPS.|
The 67th Network Warfare Wing’s focus expands in both breadth and depth. The responsibilities of the Air Force’s NOSCs—previously dispersed in 10 locations—are now handled by the wing from centers at Langley Air Force Base,
In addition to maintaining the wing’s traditional role in network defense, the redesignation ensures that defensive measures are beefed up and deployed throughout the Air Force. Col. Gauthier explains that the wing has retained the responsibility of staying abreast of emerging vulnerabilities and sharing that information with other Air Force organizations. In the past, notices and patches were sent into the field, but often they were not implemented for many reasons, including the fast pace of operations. However, both the standup of AFNETOPS and increased support from the 67th Network Warfare Wing centralize and streamline the administration of these defensive efforts, reducing vulnerabilities, she says.
With its redesignation, the wing now also has computer attack and exploit mission responsibilities. The colonel notes that it has a small but growing capability and a small group of personnel in this area that is trained, certified and authorized to take action when a combatant commander issues an execute order to conduct computer network attack missions.
“What we need to do is to continue to grow the capability, continue to have more airmen capable of conducting these missions as part of a joint team and be in collaboration with the national intelligence community. Right now, we work closely, for example, with the National Security Agency. Because the Air Intelligence Agency [AIA] is the service cryptologic element, it has the authority to carry out signals intelligence missions. Because we are affiliated with AIA, we have the authority—again with its oversight—to conduct those signals intelligence missions, computer network exploitation being one of them. We’re also a Title 10 warfighting unit under 8th Air Force. So by virtue of that, airmen in the 67th Network Warfare Wing can do both computer network exploitation and computer network attack,” Col. Gauthier states.
The colonel allows that the consolidation of defensive and offensive tasks under the 67th Network Warfare Wing enables the Air Force to operate in cyberspace in a way it has not been able to do before. But now that the wing has this focus, it needs to be able to switch from a defensive to an offensive role. “Let’s say that our defenders see an adversary penetrating the network. They need to be able to hand that off in real time to those who are authorized and certified to conduct exploitation. Those exploiters can watch the adversary on the network and see their tactics, techniques and procedures. They can see what kind of information our adversary is trying to gain from our networks, follow them back and see the point of origin,” the colonel says.
“Likewise, again when authorized, that mission needs to be passed off to computer network attackers who can take the information that the exploiters have gained about where the adversary is vulnerable and which adversary it is and be able to strike a blow to prevent future attacks or somehow disable the operations that the adversary was trying to take against us,” she adds. The colonel admits that one of the biggest challenges is tearing down the walls that exist among computer network defense, exploitation and attack so that the Air Force specifically and the
Richard White, director of information operations, 67th Network Warfare Wing, says the commercial sector can contribute greatly to both alleviating vulnerabilities and defending networks. “A piece of the technology struggle we have had for a very long time is that most companies deliver information technology in an unsecured state, meaning they don’t patch it before they send it to us. They deliver it to us and then they say, ‘Go out on the Web and download all the patches.’ Well, just connecting to the Web to download it, an immediate intrusion happens. So it needs to be delivered in a secure state. That’s one thing that industry can most certainly do to assist us,” White says.
White notes that network defense technology has come a long way in the past several years. Intrusion detection technologies, for example, were not available from the commercial sector, so each of the services as well as the Defense Information Systems Agency developed its own solutions. “Those commercial technologies have now well surpassed the expectations that we had just a few years ago,” he says.
Industry is developing better solutions for both detection and response to network breaches. Standard firewalls are being replaced by information protection systems that combine intrusion detection with rule implementation to defend networks simultaneously, White offers.
These improvements give rise to a different concern. An increased dependency on commercial technologies for network protection could create a new vulnerability, White reveals. “The same people who would attack the military using cyberspace technologies have access to those commercial technologies, and they can reverse-engineer them or put them in a lab and figure what they can do to get around them. They can readily identify what the DOD is using based on how that device responds when they do something. Then they know, ‘OK, they’ve got XX company type of device so now I know how to get around it.’ That is still one of our concerns, and we’re wrestling with the investment decisions about how to address it. But largely the improvements have been so substantial for network defense, we couldn’t be happier,” White says.
One area where industry should start investing is in self-correcting, self-healing redundancies in network capabilities, he offers. The goal is to allow network operation even under degraded conditions. “That’s just one of those areas that, because of this growing reliance especially in the