The Air Force is creating a cadre of specialized defensive cyber teams that will protect critical Air Force missions and installations.
These teams, known as mission defense teams, “have got to be there on the flight team to support mission generation” and will be “no different than the weapons troop or avionics or crew chief,” Ted Uchida, deputy director of operations at Air Combat Command, said April 11 at an event at Langley Air Force Base.
The teams are an outgrowth of the service’s communications squadrons, which in the past performed much of the IT and cyber defense at the base or wing level. The new crews differ from the cyber protection teams that the Air Force, and other services, provide to U.S. Cyber Command. They are made possible, in part, because the Air Force is outsourcing the more mundane tasks of IT management on installation’s to industry, freeing these folks to focus on cyber defense.
Already, Air Force officials see a need for this skillset. For example, certain mission defense teams could be assigned to defend the avionics in a fighter jet from malware. Uchida said one Air Force staffer recently discovered malware on the memory loader verifier on an F-16 leading officials to ask how it got there and whether it penetrated the aircraft’s primary system.
This incident sparked discussions about how to build up of mission defense teams that could focus on protecting weapon systems.
More holistically, the mission defense teams will focus on securing cyberspace for traditional Air Force missions.
“These MDTs, when they’re thinking about the transaction of a whole, [they’re thinking about] how do you launch an F-22 into space and drop bombs, [and have] an understanding of what are the critical components of that transactional path that you have to protect,” Brig. Gen. (s) Chad Raduege, director of communications at Air Combat Command, said at the same event.
One of the challenges, Uchida said, is linking various teams across installations that might be working on similar problems.
“It’s easy to focus on an individual installation, an individual weapon system and an individual mission defense team," he said. “But you need to think about it more broadly. There’s more than just one base like Shaw that operates F-16s. F-16s operate across the globe.”
Attack vectors targeting an F-16, for example, could come across multiple bases.
“How do you actually coordinate a response if one base sees this anomalous activity across the rest of the enterprise?," he said. “It’s not just again the flying community but it’s the command and control of the response.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.