Flying Military Branch Maneuvers in Cyberspace

Airman 1st Class Caleb Force, USAF (r), helps 1st Lt. Jorden Smith, USAF, locate simulated targets during an MQ-1 Predator training mission at Creech Air Force Base (AFB), Nevada. The U.S. Air Force works constantly to keep networks running to ensure the viability of systems necessary for operational success.

The U.S. Air Force has embraced cyber as a domain and is intent on using the network as it does its other domains—space and air. From the basic approach that all airmen must do their part for security, to the effort of engaging in aggressive cyberoperations, the military branch is covering the gamut of the virtual battlespace. Success in the cyber realm is tied to victory on the battlefield, making such nonkinetic efforts critical to saving lives, completing missions and ensuring the proper functioning of services to military members and civilians.

At the U.S. Air Force Warfare Center, headquartered at Nellis Air Force Base (AFB), Nevada, the mission is to shape how the Air Force fights through operational testing, tactics development and advanced training in the three domains at the operational and tactical levels. Personnel at the center are working to develop operating procedures for missions that exist within the cyber domain, including information operations. Lt. Col. William “B.H.” Poe, USAF, chief of information operations at the WarfareCenter, explains that by nature his organization develops tactical procedures for conducting the Air Force’s primary missions such as interdicting enemy targets and suppressing enemy air defenses. Traditional combat missions increasingly are becoming coupled with nonkinetic operations, which achieve desired effects using nonlethal methods.

This combination especially is important when a combatant commander desires nonlethal outcomes. Col. Poe explains that nonkinetic effects are desirable in many conflicts today, especially counterinsurgency operations waged in urban environments. “We don’t want to destroy their stuff,” he says. When the United States damages infrastructure and capabilities, it has to pay to rebuild and loses points in the fight to win the hearts and minds of the populace.

With increased restrictions on what can be done on the battlefield, commanders have to seek other options to meet objectives. “Using operations in the cyber domain to achieve a joint force commander’s objective tends to be our focus,” Col. Poe states. Nonkinetics, according to the colonel, now are viewed as first-available options. If they succeed, nothing is destroyed, but the behavior of the target set is altered. “That’s the ultimate goal,” he says.

Warfare Center personnel are combining knowledge from the center’s various missions to develop tactics, to train and to write playbooks for future operations to achieve greater objectives with less collateral damage. Just as the center works to ensure bombs fall on the right targets, it is building playbooks and scripts to ensure the correct nonkinetic assets are in place to deliver the right nonkinetic effects and operations to achieve component-level objectives.

The center’s work is not geared toward defending networks, but toward pushing them to the tactical edge, ensuring that infrastructure travels with warfighters. The defense the center does conduct identifies threats present to networks in forward-deployed areas. These networks include not only the Internet, but also airborne networks. Col. Poe says the keys to success are recognizing a threat and training warfighters how to handle it.

The various aspects of the center’s cybermission often are more easily said than done. The Air Force’s method of business is to conduct operations with well-known, well-tested and well-trained procedures. Following those guidelines is easy enough when airmen have to bomb tanks, but, as Col. Poe explains, “It’s very difficult to do with the current mindset in a domain that changes daily.” The standard operating procedures for the cyber domain have to be flexible and agile so they can change at the speed of light to avoid detection and isolation. “It’s a completely different way of thinking for conventional Air Force warfighters,” Col. Poe says.

Though training and tactics are developed for each domain, no domain operates in a stand-alone fashion. Col. Poe explains that a combination and an integration of air, space and cyber using lethal and nonlethal effects achieve what commanders need. Whether the goal is to destroy a terrorist encampment or reach inside an urban area so forces on the ground can extract an enemy nonlethally, a cross-domain approach is required, he adds.

Integrating air, space and cyber has become a major effort in the Air Force referred to as cross-domain integration, or XDI, which has proven successful in current contingency operations. “Right now it’s difficult to conduct a WarfareCenter event … without XDI being a primary focus,” he states. The Air Force has tried to approach cyberoperations as jointly as possible from the start with nonkinetic operations supporting the joint warfighting effort. According to Col. Poe, only about five years ago warfighters considered information operations or operations in cyberspace as stand-alone events. Integrating the combined effects is the new way of thinking, and Air Force leadership is driving the change.

The ability to conduct cyberoperations efficiently keeps other aspects of Air Force missions running. Unfortunately, enemies can attack the cyber domain more easily and with less sophistication than they require in air or space. Col. Poe says that in his opinion, the doomsday scenario is one in which all networks are rendered nontrustworthy, ineffective or nonoperational, requiring the Air Force to return to paper charts, paper orders and handwritten messages. Though he states such a situation would not shut down the Air Force as a force or component, it would be detrimental to operations. However, the colonel never expects that problem to occur because defenses are in place with enough depth to thwart that type of condition.

Airmen update anti-virus software to shield Air Force units from cyberspace hackers at Barksdale AFB, Louisiana. Air Force cyberoperations include this type of protection, using cyberspace for aggressive action and providing capabilities to troops at the tactical edge.

The job of protecting the network from the dangers threatening it is the responsibility of every airman. “The WarfareCenter is not specifically chartered with protecting the military’s network,” Col. Poe explains. “In fact, the entire Air Force is.” That includes brand-new recruits all the way up to the highest general. “To do that, we are trained routinely on operation security and computer network security by our communications professionals who really do hold the hammer on protecting the network.”

And those communications squadron personnel have plenty to deal with, especially because the same airmen tasked with protecting the network also are one of its biggest threats. Communications squadrons can have all the technological pieces in place—all the software, all the intrusion detection systems—and be foiled by one uneducated user who brings malicious content into the network. 2nd Lt. Ryan Morris, USAF, officer in charge of the network control center, 99th Communications Squadron, Nellis AFB, shares that communications personnel have to educate others on which e-mails to open and what not to download, as well as try to identify legitimate items. The lieutenant is more worried about someone inside making a mistake than someone outside taking the network down. He explains that many people are not technically savvy, especially those who view the network simply as a way to do business without being aware of the threats.

E-mail attacks are a prolific problem encountered in network security operations. People with malicious intent send messages into the network via attachments or links and try to convince receivers to open them. Lt. Morris explains that some of the adversaries trying to cause damage to the network are slick operators who rely on social engineering. They work to extract information that often might seem unimportant to network users, but, says the lieutenant, one little piece of data might help them complete their puzzle and fill in the missing spot in the big picture.

The most common attack is network scanning, which Lt. Morris describes as people “just kind of poking us in the forehead, trying to fingerprint us.” These attacks also seek to discover what software users employ, because all information gathered helps develop future attacks.

A vulnerability attracting attention recently is the thumb drive, which the lieutenant says definitely poses a security risk. “We are warning people about that,” he states. Communication squadrons are spending time trying to educate people on how to use the devices correctly. Protecting against such outside products is a concern for cybersecurity personnel. With most software either contracted or commercial off-the-shelf, the military’s insulation from private-sector woes is minimal. To mitigate risks, products are tested extensively and subjected to vulnerability assessments before a go-ahead decision is made.

Lt. Morris stresses that the Air Force should be worried about attacks and that the threat of an event that drastically affects operations is real. Using a basic example, he explains that just e-mail capabilities going down would eliminate the Air Force’s main method of information dissemination to massive groups at once. Network damage also would affect flying missions and putting bombs on target.

Communications squadrons are the ground-level defense organizations against all the types of attacks. Though they handle many problems, threats such as aggression by a foreign nation or organization would move up the chain of command for resolution. The squadrons would take initial action, gather as much data as possible and then immediately escalate the issue to higher echelons. However, changes are afoot in the way network security is handled. Lt. Morris shares that the Air Force is trying to move to an integrated type of construct, as is the private sector, in which consolidated network control centers manage everything network-wide and only touch maintenance occurs at the bases.

In addition to the tasks of protecting and defending the networks, the Air Force engages in other, more directly active operations in cyberspace. The military branch is taking an aggressive approach to cyberoperations, as demonstrated by the existence of organizations such as the 67th Network Warfare Wing at Lackland AFB, Texas. The wing’s mission is to “execute Air Force network operations, defense, attack and exploitation to create integrated cyberspace effects for Air Force Network Operations Command and combatant commands.” The wing’s vision is to serve as the “Air Force’s premier force holding adversaries’ network at risk while protecting our own.” The 67th Network Warfare Group has six operational squadrons around the globe that employ Air Force assets to conduct network attack along with network support and electronic systems security assessments for the Air Force and joint units.

WEB RESOURCES
67th Network Warfare Wing: www.8af.acc.af.mil/units/67nww/index.asp
U.S. AirForceWarfareCenter: www.nellis.af.mil/library/factsheets/factsheet.asp?id=4082
99th Air Base Wing/99th Communications Squadron: www.nellis.af.mil/library/factsheets/factsheet.asp?id=4083