Air Force operationalizes new cybersecurity plans
Key elements of an Air Force seven-lines-of-attack cybersecurity initiative are being implemented across the force.
The Air Force is now operationalizing several key elements in its comprehensive cybersecurity plan, designed to analyze and mitigate attacks while also building cyber resilience into new weapons systems and platforms early in the acquisition process, service leaders said.
The implementation is multi-faceted, including a wide range of initiatives now being accelerated into operations and weapons development. Some of these include engineering hardware such that it can quickly integrate new patches or security fixes as they emerge, using more computer automation to detect and track cyber intruders, standing up specific cyber squadrons, and identifying potential cyber vulnerabilities at the beginning of a weapons or technology development effort.
As part of this, Air Force leaders have established a new unit tasked with protecting weapons systems by diagnosing and addressing cyber intrusions and attacks.
The Cyber Resilience Office for Weapons Systems, or CROWS, seeks to examine how the Air Force fields and sustains its weapons when it comes to cybersecurity, said Lt. Gen. Arnold Bunch, Jr., military deputy, Office of the Assistant Secretary of the Air Force for Acquisition.
The aim of the office is to analyze the vulnerabilities that exist in weapons systems and address potential problems such as intrusions, malicious activities and cyberattacks.
“It is like a response team that can go to program offices and help them analyze an incident. They do an analysis and postmortem on what happened,” Bunch said.
Service officials said that part of this initiative involves adding more cyber resilience to legacy weapons systems, which are also increasingly reliant upon computer technology.
CROWS was engineered, in large measure, in recognition of the growing scope and influence of the cyber domain and of the need to strengthen cybersecurity for emerging platforms and existing platforms such as an F-16, F-15 or F-35, Brig. Gen. Kevin Kennedy, the director of Cyberspace Operations and Warfighting Integration, said earlier this year.
Bunch also emphasized that operationalizing these measures is the next step in an evolving Air Force cyber plan outlined last year.
Gen. Ellen Marie Pawlikowski, commander, Air Force Materiel Command, has explained the inspiration and direction for the initiative, called seven lines of attack.
A key impetus for the effort, as outlined in the first line of attack, is working to secure mission planning and recognizing cyber vulnerabilities, Pawlikowski explained.
For instance, she explained that prior to embarking upon a global attack mission, an Air Force F-16 would need to acquire and organize its intelligence information and mission data planning -- activities that are almost entirely computer-dependent.
“We did some mission planning before we got that in the air. Part of that mission planning was uploaded into a computer,” Pawlikowski said. “An OFP [operational flight plan] is developed using software tools, processors and computers. When you lay out a mission thread it takes to conduct a global mission attack, you find that there are cyber threat surfaces all over the place. How do you make sure your F-16 is secure? We need to address each and every one of those threat surfaces.”
The second line of attack is described in terms of technology acquisition and weapons development procedures. The idea, Pawlikowski said, was to engineer future weapons systems with a built-in cyber resilience, both protecting them from cyberattacks and allowing them to integrate updated software and computer technology as it emerges.
“We want to understand cybersecurity as early as we can and develop tools that are needed by program managers. We want to engineer weapons systems that include cyber testing in developmental and operational tests,” she said.
Bringing the right mixture of cybersecurity experts and security engineers into the force is the thrust behind the third line of attack, and working to ensure weapons themselves are cyber resilient provides the premise for the fourth line of attack.
“We can’t take 10 years to change out the PNT [precision, navigation and timing] equipment in an airplane if there is a cyber threat that negates our ability to use GPS,” Pawlikowski explained.
Part of this equation involves the use of an often-described weapons development term called “open architecture,” which can be explained as an attempt to engineer software and hardware able to easily accommodate and integrate new technologies as they emerge. Upon this basis, weapons systems in development can then be built to be more agile, or adaptive, to a wider range of threats and combat operating conditions.
In many cases, this could mean updating a weapons system with new software tailored to address specific threats.
“Open mission systems enable me in avionics to do more of a plug-and-play capability, making our weapons systems adaptable to evolving cyber threats,” she explained.
The fifth line of effort involves establishing a common security environment for classification guides to ensure a common level of security, and the sixth line of attack involves working with experts and engineers with the Air Force Research Laboratory to develop built-in cyber hardening tools.
For instance, Pawlikowski explained that by the 2020s, every Air Force base would have cyber hardening “baked” into its systems and cyber officers on standby against potential cyberattack.
Anticipating the areas of expected cyber threats, and developing the requisite intelligence to prepare for them, is the key thrust of the seventh line of effort.
“We planned and built our defenses against an expectation of what our adversary was able to do. We need to understand where the threat is going so we can try to defend against it,” Pawlikowski said.