Air Force wants 'kill chain' integration in network systems

The Air Force is looking beef up security across the board and improve its intelligence, surveillance and reconnaissance through what it calls kill-chain integration and full-spectrum awareness of emerging threats from both the outside and inside.

In a new Broad Agency Announcement, the service is taking aim at Air Force Secretary Deborah Lee James’s “Bending the Cost Curve” initiative announced at the beginning of last year by seeking to develop a better understanding to objectives and threshold requirements as well as rapidly addressing the need to integrate kill-chain solutions.

In typical military parlance, the term “kill chain” refers to the lengthy process of identifying and thwarting threats, typically covering activities from reconnaissance until the threat is eliminated. This term also generally applies to threats in cyberspace and the electromagnetic spectrum, with regard to identifying and eliminating network intrusions.     

The Air Force has begun operating in multi-domain, multi-spectrum environments. Radars on traditional aircraft are susceptible to being jammed via electronic warfare, while newer systems such as the remotely piloted aircraft and high-tech 5^th generation fighters are susceptible to being hacked in the cyber domain, in addition to having their radars jammed.  

In stressing the importance of maintaining a tactical edge in these realms of operation, the BAA quotes Lt. Gen Robert Otto, deputy chief of staff for Intelligence, Surveillance and Reconnaissance, who writes in the “Air Force ISR 2023” strategy document that the “challenge for [Air Force] ISR is to maintain the impressive tactical competencies developed and sustained over the past 12 years, while rebuilding the capability and capacity to provide the air component commander and subordinate forces with the all-source intelligence required to conduct full-spectrum cross-domain operations in volatile, uncertain, complex, and ambiguous environments around the globe.”  

The Air Force is interested in two specific areas of research. The first covers operationally focused ISR capabilities that meet combatant commander requirements and optimize end-user experience. Capabilities under this research area could include:

• ISR modernization
• Enhancing situational awareness
• Mobile networking and communications equipment
• Improvements to existing Air Force/Defense Department infrastructure
• USAF cryptographic operations modernization
• Geospatial analysis of social media
• Exploitation of enemy threat systems
• Increasing data utility and accessibility.

Second, the Air Force wants agile mechanisms for networks and IT systems that can detect, monitor, assess and isolate insider threats, which is a growing concern for DOD. Simultaneously, these systems must include mechanisms to restore contaminated systems to “pristine trusted states.” The solicitation said these networks:

• Need solutions that address IT system security that uses virtualization coupled with both manual and machine learning techniques to isolate application threads to protect systems.
• Must address and deliver software solutions to act autonomously to assess the probability of a function to be untrusted and, if deemed untrusted, disable the function, while allowing trusted functions on the host to interact normally with threads.
• In cases where system contamination is beyond a point where function isolation can provide the appropriate protection, provide solutions for automated and/or manual mechanisms capable of restoring IT systems to a pristine state with minimal disruption to users.
• Provide solutions to counter insider threats, whether controlled manually, through deterministic algorithms, or via pseudo-random methods; morphing attack surfaces are needed both in client hosts as well as server hosts.