Ensuring Cybersecurity and Communications During COVID-19
The Air Force’s A-6 considers how to heighten cybersecurity in a work from home culture.
Helping to meet the teleworking needs of the U.S. Air Force during the COVID-19 pandemic has been no small feat over the last six weeks. At the same time, the service is working to maintain the security of Air Force networks and communication tools in order to continue daily operations and critical mission functions, explained Brig. Gen. Chad D. Raduege, USAF, director of Cyberspace and Information Dominance and chief information officer, Headquarters Air Combat Command, Joint Base Langley-Eustis, Virginia.
Gen. Raduege, whose role is also known as the A-6, was AFCEA Tidewater’s luncheon speaker during a virtual monthly meeting last week.
The urgency to quickly adjust to the new working environment has catapulted additional network and communications capabilities into use. “What we have typically viewed as a year-long or several-years long implementation of projects has been going in a matter of weeks or even in days,” the general noted.
Before the pandemic, the Air Force had established about 14,000 secure virtual private network (VPN) connections, Gen. Raduege said, to support airmen working outside of the office, in the evenings or while on temporary duty travel. Now, the service has rolled out 250,000 concurrently-available VPN connections, and they are working to build out the capacity even more, to an estimated 400,000 connections. “That is about a 1700% increase in just our VPN capacity,” Gen. Raduege said. “That’s pretty exciting.”
One particular VPN capability the service has fielded—with the help of the Defense Information Systems Agency (DISA)—is a joint service project, known as the JRSS, or Joint Regional Security Stacks, which has improved virtual network security. JRSS is a combination of equipment that enables firewall functions, intrusion detection and prevention, enterprise management, virtual routing and forwarding, and other network security capabilities, according to DISA.
At the same time, the A-6 recognizes that cybersecurity risks have grown. Cyber marauders have increased malware and phishing attempts during the pandemic, and the spike in working from home instances has broadened the target for such malicious activities, the general said.
“Our challenge now is thinking about that problem set and what we have to put in place. Defensive cyber operators are figuring out what are the right focus areas,” he said.
The service’s Cyber Squadron Initiative and Cyber Mission Defense Teams (MDTs) are maintaining their protections as well as considering how communications and weapons security needs will evolve post-COVID-19. It is a total force effort, with the Air National Guard at Little Rock Air Force Base, Arkansas, and McGee Tyson Air Force Base, Tennessee, in particular, training the MDTs.
Part of the challenge is to instill a cybersecurity mindset to all airmen during COVID-19, and ensuring that while they work from the comforts of home, they still understand the risks. The Air Force Information Network (AFIN) Mission Assurance Center, or AMAC, is one of the groups working to build a culture of connecting the airmen.
“What we have been communicating [to airmen] as we have gone into this teleworking environment, is ‘make sure that you understand that you as an airmen have a role in cybersecurity and…. what types of information are you sharing,’” Gen. Raduege emphasized. “We are having to think about things differently.”
In addition, the increased distributed working environment, and a higher level of demand for throughput in certain locations around the globe quickly tested the service’s bandwidth capacity. “We have had to put a rapid response in place, coordinating out of our Triple-C [the Cyberspace Capabilities Center at Scott Air Force Base, Illinois] to DISA, to put in some long-haul circuits. “Our bandwidth across the U.S. Air Force has increased 150% in just the last six weeks,” the general shared.
To connect airmen working remotely, the Air Force—and the rest of DOD—is harnessing a commercial virtual remote (CVR) environment from Microsoft Teams. The platform allows warfighters to collaborate with one another and in some cases doesn’t require the use of a common access card, or CAC. The tool has quickly gained popularity and the Air Force already is advocating for funding to continue the use of CVR, post COVID-19.
“What I love about CVR is that nearly my entire career, we’ve been talking about the need for an Air-Force-wide collaboration tool,” Gen. Raduege said. “And my entire career, we’ve talked about the need to have a DOD-wide collaboration tool. I think it is amazing that the DOD CIO [Dana Deasy] was able to secure the funding fast enough and develop a plan with Microsoft to push this out across the entire DOD to four million folks.”
Ideally the Air Force would like to employ some type of mobile Secret Internet Protocol Router Network, or SIPRNet, capability, the A-6 mentioned.
In addition, with capabilities in place for COVID-19 monitoring, the Air Force is seeing a ton of data-related activities, and officials are considering different ways of using the data for analysis, especially for second- and third-order impacts. “We see this as a growth area now and going forward,” he noted.
The service’s Joint All Domain Command and Control (JADC2) efforts are continuing, with Nellis Air Force Base, Las Vegas, Nevada, being “JADC2 central,” although understandably the planned second exercise for April was postponed. The service’s combat communications rodeo also will be rescheduled.
You may also enjoy: