PEO Spotlight: Better Using Industry to Help Protect Cyberspace
The U.S. military does not need to catch up to the commercial world in terms of cyber superiority—it needs to better leverage what already is out there and let the commercial world help the U.S. Defense Department better secure its cyber domain, says Maj. Gen. Craig S. Olson, USAF, the program executive officer for the Command, Control, Communications, Intelligence (C3I) and Networks Directorate at Hanscom Air Force Base in Massachusetts.
The U.S. military does not need to catch up to the commercial world in terms of cyber superiority—it needs to better leverage what already is out there and let the commercial world help the U.S. Defense Department better secure its cyber domain, says Maj. Gen. Craig S. Olson, USAF, the program executive officer for the Command, Control, Communications, Intelligence (C3I) and Networks Directorate at Hanscom Air Force Base in Massachusetts.
The government does not “necessarily have the best skill sets in information technology,” Gen. Olson says. “We don’t have the best skill sets in cyber. Those are areas that the commercial world loves just as much as we do, and they move that technology along at the speed of commercial needs.”
Commercial needs are driven by desires for healthy profit margins, but those needs can nicely dovetail with those of the military services, he says.
“There are some unique things about our portfolio that we’re just not the resident subject matter experts on as government people,” observes Gen. Olson, who is responsible for more than 2,200 personnel and is the acquisition executive for a $10.9 billion portfolio to develop, deploy and sustain the Air Force, joint and coalition cyberspace, networks and cryptologic and data link systems.
“This is not your normal drop-bombs-on-a-target, easy-to-understand portfolio.”
The same security parameters commercial businesses employ on their own networks to safeguard proprietary information or personnel data from attacks can be applied to the U.S. military’s needs for security, Gen. Olson says. “They can’t have an attack on their network any more than I can have an attack,” he says. “It’s just as big of a deal to them in a cyber sense and a security sense as it is the DOD. So, bringing in expertise from industry, in areas of information technology and cyber, that helps move this connectivity along, we highly leverage that.
“We need the commercial practices, commercial products, commercial services that are just right for our DOD world, bringing them in and letting them advance [cybersecurity practices] to the next level before we do,” he continues.
The Defense Department and its industry partners have made great strides toward the colossal effort of creating a common network infrastructure through standardizing operating procedures in the transition toward the unified Joint Information Environment, or JIE. “Getting to this DOD future that is standards-based ... is a very challenging journey because it’s very fragmented,” Gen. Olson says.
In addition to the JIE, the Air Force is collaborating with industry to upgrade its airborne network, including work on the Joint Aerial Layer Network to let data from the fighter network be used by ground forces. It’s a network that remains very “fragmented,” but well on its way to standardization, he says.
“We have multiple networks using multiple message sets, multiple radios servicing multiple airplanes and ground customers,” Gen. Olson says. “The upgrade we need to get for the Air Combat Command is using the principles for JIE—standards-based, consolidation, being more affordable, more effective, more secure.”
He is entwined with the Defense Department’s task to improve protection of the network via a cornerstone of the JIE known as the joint regional security stacks (JRSS).
In 2013, Air Force Chief of Staff Gen. Mark A. Welsh III, USAF, designated six of the Air Force’s cyber capabilities as weapon systems managed by C3I. Combined, they continuously monitor and defend classified and unclassified networks through prevention and detection techniques; employ forensics to identify real-time and concrete threats; characterize irregular activity; and identify global-level entry points accessing the information network from every installation.
“The team that’s in the PEO has the job of doing life-cycle management ... for the warfighting customer, in cyber, just like someone does for an airplane,” Gen. Olson explains. “Our job is to put out those cyberweapons systems so that the cyber warfighter can defend the cyberspace. Protect the ones and zeros. Protect that information. Protect our networks. ... Just like an F-15 is attacking something, defending something and monitoring something, well, that’s what this cyberweapons system is doing in the cyber domain.”
The services and Defense Department also are experiencing a major paradigm shift in approaching cyberdefense, treating the new battlefield front as they would other military platforms, he says. “It has a requirement. It has a modernization need. I have to do some testing and evaluation to get that modernization component, that upgrade on that weapon system, and I have to sustain it for its life cycle,” Gen. Olson says. “Those are normal acquisition terms. I’ve not been doing that in the cyberspace before. It’s just kind of been ad hoc managed. We need to improve that process for cyberweapons.
“Getting to a future state, we’ve made some great progress at the Air Force and DOD to take a very fractured community and build an enterprise that has some clear owners, clear leaders, clear requirements and clear standards, and is starting to line up money to do those things,” he adds. During his tenure, he says he has seen tremendous progress in those areas. “Challenges still remain ahead,” Gen. Olson cautions. “We’re not where we need to be. But the foundation is in place for it to be successful.”
