Air Force Cyber Faces Familiar Challenges
The menace to the critical infrastructure mirrors the threat to combat air operations.
Tasked with expected challenges to its air and space networks and data traffic, the U.S. Air Force also is seeing an increasing number of cyberthreats directed at its base infrastructure. The service projects power from its bases, and the cyber attacks it faces there are similar to those aimed at the U.S. critical infrastructure.
This comes as the service executes a greater effort to incorporate cyber into combat operations. With bases serving as an operational part of Air Force warfighting, adversaries are striving to inhibit U.S. air supremacy through cyber attacks abroad and in the United States. As a result, the Air Force is improving both its offensive and defensive capabilities in cyberspace to deal with virtual and kinetic threats.
Maj. Gen. Burke Edwin Wilson, USAF, commander, 24th Air Force and Air Forces Cyber, explains that the Air Force views cyber as its third domain of operations, along with air and space. The defense of cyber capabilities that enable air and space operations used to take place in a passive environment, the general says. Systems largely were not stressed, and most issues were blue-on-blue.
Today, the environment is highly contested. Not only must procedures and capabilities change, but also the service—and the Defense Department at large—must build, instill and strengthen the operations culture that increasingly defines cyber activities. Cyberthreats have picked up in pace and sophistication to an unprecedented degree, Gen. Wilson points out.
The Air Force stood up its Task Force Cyber Secure last year, and it includes several initiatives geared toward cyber challenges. Acquiring systems that are more resilient against cyberthreats as well as understanding how to operate them in a contested environment are key initiatives, the general notes. From a defensive perspective, the Air Force has broken down its efforts into three segments.
The first is the Air Force Network, both classified and unclassified portions. In the past, defending the network was just a matter of keeping it up and running, the general observes. Now, cyberthreats are far more challenging, and the network is far more complex.
The second area entails weapon systems. In addition to their air superiority mission, aircraft such as the F-22 and F-35 also serve as major sources of data. The F-35 is virtually a network node as it passes data among ground and airborne systems. The two aircraft’s advanced electronics make them cyber targets, and their data flow is both an asset and a vulnerability.
The third area involves the threats to Air Force base infrastructure. These include attacks aimed at power, water, fuel and safety systems. Several Air Force efforts largely focus on industrial supervisory control and data acquisition (SCADA) systems, Gen. Wilson relates. A project located at cyber headquarters brings in the Air Force’s civil engineering center to examine technologies and operations for infrastructure defense. The Air Force Research Laboratory as well as national laboratories have conducted research in this area in partnership with other U.S. government agencies and departments. And related ongoing initiatives with the U.S. Cyber Command are applied to this challenge, the general says.
In search of resiliency, the Air Force has a series of pathfinders and prototypes underway as part of its security task force. These efforts include recruiting, training and equipping cyber operators to carry out new missions; determining which tools they need; and establishing new tactics, techniques and procedures.
The general notes that combatant and air component commanders want to be able to provide nonkinetic effects, which largely can be achieved through cyber. These nonkinetic effects must be integrated into combat operations where appropriate and when permitted by higher authorities, he points out. This may involve using cyber to support air or space operations, or using air or space capabilities to enable cyber operations.
Last year, the Air Force conducted a series of demonstrations using an EC-130H Compass Call aircraft. Normally an electronic warfare platform used for jamming, the EC-130H was employed to deliver cyber effects. Flying off the coast of California, the EC-130H was able to direct “cyber fires” into select Wi-Fi-enabled networks and manipulate them from the aircraft. Calling this a multidomain operation, Gen. Wilson points out that the air operation achieved nonkinetic combat outcomes in the cyber domain.
The Air Force typically views networks as the normal construct of cyber, Gen. Wilson continues. This forms the basis of cyber defense. For global missions, different cyber systems will be involved—either embedded information technologies or the base infrastructures—that must be defended.
In organizing cyber operations, the Air Force follows its traditional approaches. It has parsed individual capabilities into single squadrons sited in wings instead of pouring all functions into a single entity. The 24th Air Force’s 67th Network Warfare Wing has three groups comprising 13 squadrons; the 688th Cyberspace Wing includes two groups each with five squadrons; and the 689th Combat Communications Wing has two groups with 21 squadrons.
For example, the 688th Wing’s cyber operations group includes several squadrons designated for cyber protection. They conduct cyber vulnerability assessments as well as evaluate any new functions being added to cyber protection. On the offensive side, combat mission teams and national support teams are organized, trained, equipped and presented through the 67th Wing, where they conduct network operations and enterprise defense functions.
Gen. Wilson notes that the intelligence specialists who focus on cyber actually are being organized, trained and equipped in the 25th Air Force. They are part of combat mission teams, combat support teams, national mission teams and national support teams.
All the squadrons and their wings operate under the authority of the 24th Air Force commander—Gen. Wilson. “We bundled capability based on who we were presenting the capabilities to and where those skills already resided in the 24th Air Force and the 25th Air Force,” he explains. He adds that an assessment is underway to determine if this construct is ideal or needs to be revised.
The 24th’s 689th Combat Communications Wing consists entirely of communications squadrons, which reflects the Air Force’s approach of combining communications and cyber. Gen. Wilson explains that cyberspace operations include communications skills. While this approach has been criticized in the past, the general points to several advantages in combining cyber and communications.
He explains that this approach allows the Air Force to build the environment in which it will operate. “We’re actually building the Air Force Network,” the general emphasizes.
The 24th Air Force has five lines of operation. The network is the first line, and the second is to extend that capability out to the tactical elements. This brings into play combat communications, especially in an austere environment. The 24th then operates all networks for the combatant and air component commanders as well as defends them. The final line of operation is to engage adversaries, including in an offensive role. The intermingling of communications and cyber across these five lines defines why the two disciplines are consolidated in the 24th’s operations, the general offers.
“We mix and match those skills—whether you’re building or operating the network, or you’re operating in the environment, those skills come together to execute those lines of operation,” Gen. Wilson declares. “We’re conducting operations being supportive of someone within the cyberspace domain. We don’t differentiate between communications, ISR [intelligence, surveillance and reconnaissance] or cyber—we’re organizing and training talent to conduct operations in cyberspace,” he emphasizes.
For the near future, recent trends in cyber are likely to continue, Gen. Wilson offers. This means a continued emphasis on cyber defense for both networks and missions. The integration of nonkinetic effects into physical combat operations will continue to grow, he adds: “We’ve made some real progress that continues to build momentum. Over the next several years, that will continue to be a real focus of attention.”
The Air Force is driving toward multidomain operations, and cyber is a beneficiary of this trend. The melding of airspace and cyberspace is key, Gen. Wilson says, to bringing the service’s global ISR assets and some of its unique electronic warfare capacity to combatant and component commanders in multidomain operations.
The Air Force also is working to migrate to the next generation of technology, and part of this effort is its involvement with the Joint Information Environment (JIE). The service is “making great progress” on the JIE’s Joint Regional Security Stacks (JRSS), Gen. Wilson states, and it is moving into other capabilities, such as the cloud environment, at an accelerating pace.
The biggest concern for Air Force cyber remains the continued demands it faces on requirements across the board that it must address with limited resources, the general allows. The growth of threats and requirements is stressing the service’s ability to keep pace with existing resources, he says.