Air Force embraces new mindset for cyber warfare
Networks must be viewed as weapons systems, vice commander says
Cyberspace isn’t just a new frontier for military operations. It will also require a new mindset for the warfighters responsible for defending the nation’s critical IT infrastructure. This new approach to thinking about cyber warfare is important as the U.S. government establishes a new set of organizations responsible for defending the Defense Department’s vast network architecture, said a key officer in charge of protecting the Air Force’s computer networks.
One of the important aspects of this new mindset is that the network itself must be treated as a weapon system, Brig. Gen. Charles Shugg, vice commander of the 24th Air Force or Air Force Cyber Command (AFCYBER), said Jan. 25 at the Network Enabled Operations conference in Arlington, Va. This strategy must be backed up with a deliberate, considered process to install new systems and capabilities. There cannot be any ad-hoc, “drive-by” fielding of equipment, he said.
Shugg said that the Air Force is moving away from the old perimeter-based network defense strategy to one of defense in depth. He noted that the service had used the perimeter strategy for more than two decades, but added that a new strategy must drive operations planning. Network strategies must also be traceable to operational imperatives, he said.
But despite this new emphasis, the general explained that all parts of the network are not equal. Administrators must set priorities, with key areas set aside to be defended, he said.
All new fieldings and upgrades must also include components such as training, technical data, procedures and a sustainment trail. However, Shugg noted that of all of these, training was key. He outlined the training process for Air Force cyber specialists, which included initial and mission qualification training. And after they are trained, personnel will require regularly upgraded skills certifications to maintain proficiency.
Shugg also discussed some of the aspects of AFCYBER’s mission. The command’s key requirement is to support joint forces operations in cyberspace. For the near future, he said that there are several operational assumptions that ARCYBER is working with. These are:
- That cyberspace will remain a contested environment.
- The intent of various cyber threats may be impossible to ascertain.
- Opponents will use cyberspace operations to support a larger strategy.
- The network is complex and cannot be completely secured.
While mission assurance is a key part of the command’s responsibilities, Shugg said that the Air Force’s mindset is shifting away from the old view of network assurance, in which the network was key, to a mission-oriented view focused on end users. He maintained that warfighters cannot be disconnected from the network.
Providing a brief status update, Shugg reported that the 24th Air Force achieved full operational capability four months ago. Among its various missions, he noted that the command helps “escort” drone missions by ensuring the security of their satellite connections. He said command personnel monitor more than 180 circuits and routers for each mission.
The command is also involved in monitoring the launch and spaceflight process for Air Force space operations. However, he added that the Air Force is only just beginning to provide greater mission assurance in cyberspace.