The Air Force is readying to roll out the beginning stages of a major cyber initiative in 2018 as it seeks to protect critical missions from cyber harm.
The so-called cyber squadron initiative will be moving beyond the pathfinder phase that spanned fiscal years 2016/2017 and into the enterprise roll out phase this year, Lt. Col. Steven Wieland, chief of the strategy branch within the Air Force’s chief information office, told Fifth Domain during a recent interview.
The cyber squadron initiative aims to protect the Air Force’s core missions by establishing and assigning personnel and cyber teams to wings and missions.
Following the pathfinder effort, in which the Air Force established 44 teams, the service will now begin to select bases and wings to start rolling out with the next phase. The Air Force created a concept that spells out what the cyber squadron is — discovering that they had to build a whole squadron structure to support the ultimate goal of protecting aircraft and key cyber terrain on bases to make missions go — and is looking to institute training and infrastructure, Wieland said.
This effort and associated cyber teams are separate from 24th Air Force/Air Forces Cyber, the Air Force’s service component of U.S. Cyber Command.
The mission defense teams, the specialized cyber teams within the cyber squadrons, will be the “beat cops,” so to speak, understanding the critical cyber terrain and networks of the wings and missions they’re assigned to even deploying with these units in some cases.
The MDTs and cyber squadrons will be an organic capability to Air Force wings within the squadron structure, Wieland said.
Air Force officials in the past have noted the need for the service to develop its own cyber capabilities to get at service-specific issues.
“There’s a clear recognition that our service needs an organic cyber capability to get after much of what Cyber Command … just doesn’t have the bandwidth to do or simply not in their charter, and it’s critical [to the] Air Force,” former Air Force CIO Lt. Gen. William Bender said.
This organic capability revolves around the Air Force’s five core missions — air and space superiority; intelligence, surveillance and reconnaissance; rapid global mobility; global strike; and command and control — and focuses on mission-specific tasks in the air domain. CYBERCOM, Bender said, is concerned with big problems and high-end warfare, such as protecting missile defense systems and air defense systems and assuring the nuclear enterprise and space enterprise.
The Air Force, he said, needs cyber-minded personnel to assure things like aerial refueling, assigning crews to planes, ensuring planes take off on time and they deliver their payload or complete their mission.
Some of the other services have taken a similar track, creating organic, service-specific cyber teams apart from their contributions to U.S. Cyber Command.
For the Air Force, this organic capability — in the form of a unit at a fighter wing, for example — will do functional mission analysis, which disaggregates the mission of the wing assuring sorties get off the ground and bombs get on target, Wieland said.
“The MDTs, through their cyber squadron, would be responsible for deciding which cyber terrain that they’re going to defend at that point, for how long and in what manner and then make sure that with the ultimate goal of making sure that mission is assured that we can get jets off the ground and bombs on target,” he said.
This key cyber terrain for mission defense teams could be traditional IT or operational technology such as industrial control systems or even platforms with cyber systems tied inherently to the platform.
How did this start?
Part of this effort stems back two decades, according to Maj. Gen. Patrick Higby, director of Air Force cyber strategy and policy. When a circuit went out or a server crashed or a radio net went down, if a comm squadron commander went to their wing commander and said they just lost circuit x, y or z, the wing commander would ask what that meant for the mission, he said.
Similarly, the current initiative seeks to ensure the individual squadron level can fight through cyber incidents — whether from adversaries or insiders — to make sure the wing commander can complete their mission, even if it’s in a degraded state.
With the pathfinder effort that began over the last two years, Wieland said the service intentionally tried to cast a wide net with the 44 units to cover as many of the different Air Force mission sets as possible.
A few examples include units in mobility, special operations, combat forces and space.
What’s next?
With the enterprise roll out, Wieland noted they will continue experimenting with the make up of the mission defense teams while also prioritizing which wings will get cyber squadrons based on prioritization.
The make up of the MDTs will be diverse depending on the mission set they are assigned to, he said. There is no set size or composition defined yet.
“We’re not putting out a standard-size MDT to say we have X person-sized MDT for each entity, because that doesn’t make a lot of sense,” he said. “A space system, for example, that controls satellites, is a very different proposition than a C-130. There should be different compositions on those teams.”
Some pathfinder units incorporated non-cyber personnel and non-communications personnel given their expertise in understanding what the mission and cyber overlay of that mission is, Wieland explained, adding, “I suspect that we will continue to experiment for some time, until each mission finds the fight mix.”
This experimentation includes use of contractors, as well. In some cases, contractors made sense while in other, such as a highly deployable unit, Wieland said they don’t.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.