Air Force Looks To Better Synchronize Defensive Cyber Operations

For the U.S. Air Force’s 16th Air Force, increased harmonization of its cyber warrior units is a key priority, said Lt. Gen. Thomas “Crypto” Hensley, commander, 16th Air Force; commander, Air Forces Cyber; and commander, Joint Force Headquarters-Cyber (Air Force), speaking at the Air and Space Force Association’s Air, Space & Cyber Conference on September 22 at National Harbor, Maryland.

To provide defensive cyber operations (DCO), the numbered air force leverages both cybersecurity service providers, or CSSPs, and cyber protection teams (CPTs), to conduct persistent monitoring and pointed defense, respectively.

“Previously, we had always looked at those as different mission sets, but in reality, they have a common mission, and that's to secure and defend our networks,” Hensley stated.

The CSSPs provide 24/7 persistent monitoring of networks, weapon systems and command and control platforms, looking for anomalies or acting on intelligence reports on adversarial cyber behavior.

CPT teams, meanwhile, provide “point defense with a focused deeper dive, with exquisite tools that they use to root the adversary out, to kick them out, to mitigate and to harden that network,” the commander explained.

The service is working to bring these separate entities—housed in the 688th Cyber Wing and the 67th Cyber Wing—operationally closer together.

“We are coming up with a DCO campaign plan that better synchronizes the nexus between our persistent monitoring and our point defense,” Hensley stated. “That's a key piece.”

The commander emphasized that the plan would leverage both a sensor strategy and a data plan.

In addition, the service’s cyber arm is looking at how to better defend Air Force bases from a cybersecurity point of view.

“Whenever we talk about base defense, it is always in terms of kinetics,” Hensley noted. “It's always in terms of ‘how do we defend against small UAS’, ‘how do we defend against missile strikes?’ Those are absolutely important aspects that we need to figure out. But we also need to start talking in terms of cybersecurity.”

And while the 16th Air Force already examines base cyber defense, the service needs to consider larger cyber network risks, say from a utility company to which a base is connected.

“We can do all that we can to defend those bases, but realize that those bases rely on public utilities, and if those public utilities are attacked, we'll have a week, maybe two weeks, of generator power to keep missions going, but then that's it,” he suggested. “So, how do we protect the public utilities that are supporting the bases so that we can continue to fight?”

Here, the 16th Air Force set up cooperative research and development agreements, or CRADAs, with public utility companies “at a variety of strategic locations and bases,” Hensley said.

The agreements feature a range of CRADAs, such as an intelligence-sharing CRADA to disclose to a utility any adversarial activity in its networks.

“There's a CRADA where we can share best practices and TTPs [techniques, tactics and procedures] on what works, as far as eradicating adversaries that are in the networks,” he said. “There are some CRADAs where we can get an agreement, where we can put our sensors on their systems and we can do the persistent monitoring.”

That example is a little more complex, as it falls into the Department of Homeland Security responsibilities and authorities. The commander offered that it could involve a total force solution, with Air National Guard cyber experts.

In addition, the 16th Air Force is turning to universities to perform research and development for material exploitation to find tools to improve the cybersecurity of bases.

“As we continue to look at how we help harden our bases, we are reaching out to academia,” he shared.