Cyber Resiliency a Feather in CROWS' Flight Cap

The U.S. Air Force is developing a methodology for assessing the cyber resiliency of weapon systems and examining how to standardize that methodology across the service. The effort could improve the security of hundreds of weapon systems, including aerial refueling planes, fighter jets and inertial navigation systems.

In January last year, the Air Force announced the creation of the Cyber Resiliency Office for Weapons Systems (CROWS), which was declared fully operational in October, when funding for this fiscal year started to become available. It integrates activities across the Air Force to ensure that weapon systems maintain mission-effective capabilities despite cyber adversities. The office is located at Hanscom Air Force Base, Massachusetts, but contributing staff members come from about a half dozen Air Force organizations at various geographic locations.

“I feel like I’m a quarterback of a large team, only some of whom work for me,” says Col. Edward Masterson, USAF, CROWS acting director.

The office has two primary areas of focus: existing weapon systems and those being developed. The ultimate goal is to overhaul the Air Force culture so that cyber resiliency becomes an integral part of the technology acquisition process.

Although much of the first year was spent establishing an office, this year the team has been hard at work on a number of projects, including the development of a standard methodology for assessing a weapon system’s cyber status. “We are developing a methodology for program offices to do the analysis of how their systems will interact with other systems once they’re fielded,” Col. Masterson says. “We’re working through how to implement this Air Force-wide.”

While most people think of Air Force weapon systems as bombers and fighter jets, satellites, command and control (C2) systems or GPS, the array of weapon systems is far broader and greater. “Just within the Air Force Life Cycle Management Center, I saw a note yesterday that said there are 1,400 weapon systems,” the colonel reveals. “Our job is not to go engage with every Air Force program office. That would be just impossible. What we want to do is change the underlying processes that they are executing.”

He describes CROWS as an Air Force-level office that partners with others across the acquisition and testing community. The birds of a feather in this case include the Air Force Life Cycle Management Center, the Space and Missile Systems Center, the Nuclear Weapons Center and the Air Force Sustainment Center. The flock also includes outside experts from the MITRE and Aerospace corporations, MIT Lincoln Laboratory and Johns Hopkins University.

The methodology being developed for the Air Force was originally created at the RAND Corp. “They did a study on this a few years ago. Now, we have a coalition led by MITRE to really work out the technical details of what you have to do when you want to assess a system in the context of a mission,” Col. Masterson explains.

He compares the methodology to the widely known cyber kill chain framework originally developed by Lockheed Martin. “An analogy to this [methodology] might be kill chain analysis, where you can have one platform, but it’s assessed within a bigger construct of sensors and C2 and platforms and munitions, or nonkinetic means,” Col. Masterson says.

Analyzing a weapon system’s cyber resiliency in isolation would be relatively easy and could result in discovering a number of vulnerabilities, but it still wouldn’t be as effective as looking at the full system of systems. Part of the challenge, the colonel describes, is having a process robust enough to be effective but simple enough that any program office can use it without needing to gather technical data or understanding the complexities of all the connecting systems.

The Air Force is evaluating weapon systems by analyzing mission threads, the series of steps required to accomplish any given mission. “We broke it down and came up with 42 missions the Air Force performs,” Col. Masterson notes.

The team began by exploring a couple of mission threads, including aerial refueling. Tasks associated with an aerial refueling mission include, but are not limited to, pre-mission planning and pre- and post-mission command and control and communications. Those tasks can vary depending on the type of aerial refueling mission. For example, work could support a combat operation or a training exercise.

Boeing’s KC-135 Stratotanker is the Air Force workhorse for aerial refueling missions. In addition, it supports Navy, Marine Corps and allied nation aircraft. The Air Force also is procuring Boeing’s KC-46 Pegasus tanker, which the company describes on its website as a “wide-body, multirole tanker that can refuel all U.S., allied and coalition military aircraft compatible with international aerial refueling procedures.” The KC-46 program has seen substantial delays.

“We’ve looked at the KC-135. We’ve looked at the new KC-46. We’ve looked at some of the receiver aircraft, a couple of fighter aircraft and some of the communications infrastructure,” Col. Masterson reports. He adds that an aircraft communications infrastructure can include radios, datalinks, laptops and unclassified or classified networks.

The possibility of a cyber attack affecting refueling missions is a threat the Air Force takes seriously. For example, a cyber attacker could infiltrate a plane’s computer systems and change the rendezvous point, causing the aircraft to miss a chance for refueling. Or, a base-level attack could shut down the so-called fuel farm, preventing a mission commander from launching aircraft. “That’s a mission failure,” Col. Masterson declares.

As Air Force bases evolve into smart bases with Internet of Things technologies, the cybersecurity risks grow dramatically. “As we connect everything to everything, [cybersecurity] is more and more important,” the colonel offers.

The methodology builds on prior work. “We had done some previous work on suppression of enemy air defense. We did some work on personnel recovery, bringing in helicopters and air support, and a different type of command and control,” the acting director recalls. He adds that some of that work goes back a couple of years, but the methodology is now being applied to other systems. “That is happening with the F-16 and B-2 and GPS and munitions systems and ground C2 systems.”

In addition to developing the methodology, the CROWS team is helping to find or develop technologies for cyber analysis and security. “We’re out surveying which tools are available, which ones work best, and we’re even prototyping a few of our own tools that would connect other tools together,” Col. Masterson reports. “We have a few other technical activities for development of some mitigations of common vulnerabilities. Some of that is being coordinated through the Air Force Research Laboratory.”

Col. Masterson’s office also is working with the research lab to improve processes for transitioning cyber-resilient technologies out of the lab. “I think we’ll see some quick wins there this year,” he suggests.

The office does not use funding to augment specific program offices, but it can support “prototyping and initial development of technologies and mitigations that many program offices can then use,” he adds.

Col. Masterson also emphasizes the need for the entire Air Force acquisition community to undergo cyber training. Part of the challenge is determining what degree of training is appropriate for which personnel. Contracting officers and finance personnel may need to understand cyber lingo but would not need the same level of knowledge as an engineer, for example.

The CROWS team, along with its partners across the service, also is developing methodologies for integrating system security engineering into system engineering processes. “System engineering includes a lot of things. We’re trying to make sure there is a more cyber-focused part in there,” Col. Masterson offers.

CROWS is focused on the seven so-called lines of action outlined in the Air Force Cyber Campaign Plan. The lines of action include conducting mission-level cyber risk analysis; integrating cyber into systems engineering; enhancing adaptability and agility via modular design and approaches; developing a cyber-savvy workforce; increasing assurance in fielded systems in a cost-effective and efficient manner; increasing the integration of cyber intelligence; and enabling cyber operation flights and cyber protection teams.

The campaign plan emerged from a grass-roots push for greater weapon system cybersecurity. The National Defense Authorization Act of 2014 calls for the U.S. Defense Department to explore cyber resiliency issues. Although the legislation did not include a lot of details, it caught the attention of people across the technical community, especially among engineers and testers, the colonel reveals. “We started organizing, and some of our senior leaders across the acquisition community came together, and we created our seven lines of action,” he recalls.

They also formed a Cyber Resiliency Steering Group of senior leaders. Col. Masterson credits Air Force Materiel Command commander Gen. Ellen Pawlikowski with pushing to include cyber resiliency funding in budget planning.

Ultimately, Col. Masterson and other Air Force officials would like to see a major transformation of the service’s acquisition culture to focus more on cybersecurity. “Ten years from now, I want this to just be a part of our business so that we don’t have to call it out as something special,” he says.