NATIONAL HARBOR, Md. — The Air Force’s information warfare entity is focusing more attention toward defending weapon systems from adversary probes.
Enemies have begun to be more active below the threshold of war, using cyber and digital capabilities to conduct espionage against military and non-military targets while also accessing sensitive systems to disrupt them or sow doubt among users.
For 16th Air Force — the Air Force’s main information warfare entity that fuses cyber; information operations; intelligence, surveillance and reconnaissance; electronic warfare; and weather capabilities — defending these systems from digital intrusions is about producing intelligence.
“How do we generate the right intelligence to understand the threat to those weapon systems and then how do we bring together the capabilities that we have to defend our networks and our weapon systems in a way that buys down the risk for operational commanders?” Lt. Gen. Timothy Haugh, 16th Air Force commander told C4ISRNET in a Sept. 20 interview as part of the Air, Space and Cyber conference hosted by the Air Force Association.
Haugh noted many of these weapon systems pre-date the modern cyber threats perpetuated by sophisticated nation states, namely Russia and China. 16th Air Force, as a result, must try to reduce the risk to these systems.
Haugh said the defensive cyber teams within 16th Air Force are able to defend the entirety of the network all the way down to a particular enclave or a specific weapon system. The organization can ensure everyone has a common picture of the threat as well as the intelligence of what the threats look like, he said, adding they can help make those systems more defensible and less vulnerable.
Haugh also described aligning high-end defensive cyber protection teams — the highly sought and extremely technical cyber teams the services provide to U.S. Cyber Command — with internal defensive assets or resources at a local installation or wing.
The Air Force is building a cadre of mission defense teams — specialized groups that protect key Air Force missions and installations such as critical infrastructure or computers associated with aircraft and remotely piloted systems.
“Where we need to, we can use our combat power to apply additional sensors through a CPT, we can partner with the wing that has their own internal defensive capabilities or in some cases ... our program offices may have a cybersecurity service provider, how do we apply them in an area to get them the right data so that we can buy down that risk for an operational commander,” Haugh said.
The Air Force recently has been experimenting with partnering the cyber protection teams and mission defense teams on training, tactics and tools.
Separately, Haugh explained that the maturity of a major Cyber Command program has allowed defensive cyber protection teams across the services to share data more quickly and respond to threats better.
The program, which is being built by the Air Force on behalf of Cyber Command and the joint force, is enabling these teams to simultaneously share threat data and information that allows them to apply algorithms and automate where it makes sense, Haugh said.
“It’s not about acquiring information, it’s about now, how do you get the right airmen to be able to use the right algorithm to see that data. That’s advancing every day,” he said.
Part of this is enabled by what’s known as a big data platform, essentially a hybrid cloud environment that allows for storage, computation and analytics across networked sensors. There are several among Cyber Command, the Defense Information Systems Agency, Army Cyber Command and the Marine Corps.
Haugh noted his unit is working with the other service cyber components to advance tradecraft, and the big data platform has allowed them to jump forward.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.