Sign of the times: cyber's bigger role in Air Force's Red Flag

Cyber specialists test their capabilities during the service’s principal air-to-air combat training exercise.

Air Force Red Flag cyber team

The Red Flag cyber protection team works on defensive procedures at Nellis AFB.


As a reflection of the growing importance of cyber operations on the battlefield, the Air Force is giving cyber a full seat at the table during combat training exercises, such as the Red Flag exercise earlier this year.

Red Flag, hosted at Nellis Air Force Base, Nev., is the Air Force’s capstone combat training exercise and involves a variety of interdiction, attack, air superiority, defense suppression, airlift, air refueling and reconnaissance aircraft, according to the Air Force. The large-scale exercise typically held four times a year, is used as a means to train aircrews and includes service members from the United States and allied countries.

The cyber domain is now being fully incorporated with the Air and Space domains at both the tactical and operational levels for the exercise. First incorporated into Red Flag in 2007, cyber has made significant headway in being a fully integrated component of the exercise, according to an Air Force release.

Air Force cyber teams that participate in the event are able to get hands-on training while exercising a variety of their capabilities.

“Our mission is to train the next generation of cyber warriors and we look at what we call the full spectrum … defensive and offensive operations,” Michael Homsy, the 24th Air Force exercise planner and cyber range coordinator, said in the release. “We have several teams that are being developed … teams that are designed to go after the adversary and their infrastructure and degrade their ability to launch their capabilities against us, as well as defend critical infrastructure as it pertains to our country.”

Using a Joint IO range added in 2012—a cyber-range separate from the Air Force’s networks—Air Force specialists have been able to test new attack and defense systems without affecting the actual network.

“One of the things that we’ve been working on in the past year is presenting a contested,  degraded, and operationally limited environment for the training audience and presenting them with a problem and making them solve it,” said Julie Fluhr, a 505th Test Squadron non-kinetic operations subject matter expert. “One of the advantages to Red Flag is, because it is a closed system, we can allow the aggressors to do things that they can’t do on real-world networks.”

The exercise typically lasts three weeks, and presents airmen with scenarios of increasing difficulty—requiring them to adjust their tactics, techniques and procedures.

With the increasing integration of the cyber domain into the exercise, Air Force leaders are encouraging airmen to work with and learn about the other Air Force domains—allowing them to gain a better understanding how their the integrated nature of their domains fall under the big picture.

“We grow up in our own worlds,” said Lt. Col. Christopher Jarvis, the 505th Test Squadron chief of combat operations. “I’m an electronic warfare officer by trade, so I grew up understanding electronic attacks, jamming other assets, [and intelligence], surveillance and reconnaissance … Through Red Flag, years ago, I learned the tactical executing side, the bomb dropping, the missile shooting. It’s only been recently that I’ve even gotten the opportunity to learn how space and cyber works.”

Most, if not all of the services are looking to increase the size and training of its cyber workforces. The Army recently proposed a new classification for cyber warriors, which is aimed at providing retention incentives for trained cyber specialists that might be considering work in the private sector.