Air Force CISO says innovation key to future cyber defense
According to senior Air Force officials, airmen are encouraged to take an innovative approach to cyber defense.
Securing cyberspace at the edge of the fight is not just about compliance, it is about agility and innovation, according to Peter E. Kim, Chief of Information Security Officer for the Air Force who spoke at the 2017 FCW Cybersecurity Summit.
This new way of looking at cybersecurity implementation has been called the Cybersecurity Initiative, explained Kim. Essentially, it dictates that in the defense of cyber space, the Air Force wants to see its personnel thinking for themselves and innovating solutions, not simply checking boxes. This is particularly true for the airmen who are actually in the field, at the edge of the fight.
“Compliance is necessary, but it’s okay if you can’t get through the 800 controls. It’s okay if you miss a patch. It’s good enough. Slap it on a network and let the warfighter conduct the mission,” said Kim. “What we are trying to tell the airmen…is think about and innovate how you secure your mission in, through, and from cyberspace.”
However, while encouraging cyber warriors at the edge of the networks to think for themselves, the initiative does prescribe five strategic pillars.
The first is situational awareness.
“Attacks will be constant…and they are becoming more sophisticated,” said Kim. “If you don’t have rudimentary situational awareness of…the information, the data, the mission computers, the things that enable the Air Force, then we need to get there. We need to have situational awareness of the cyber battle space.”
Alongside awareness of Air Force assets in cyberspace is the mandate to ensure that those assets are secure and defensible. That includes networks, servers, and operating systems, according to Kim. Everything must be checked for vulnerabilities, and patches, sensors, or other updates put in place if necessary.
The third and fourth pillars are focused on the human component of cyber defense. Cyber defenders should be trained according to their specific mission sets and leaders must have a direct command and control links to those mission sets, Kim emphasized.
This takes cybersecurity beyond security regulation compliance and to the edge of the fight. When a team of cyber defenders is able to focus solely on securing the F-22 mission, for example, in the cyber realm, then mission assurance can be achieved for that asset.
“We are telling airmen that their job is to secure their missions at the edge of cyberspace. Everything that you touch at the edge…affects the security of the mission at the edge,” explained Kim. “We are going to have cyber defenders at the edge that can think for themselves with some sophisticated tools that are going to be able to secure the mission inside that cyberspace.”
The final strategic pillar is that U.S. Air Force innovations in the cyber security domain must occur faster than the adversary’s. In short, this requires that the Air Force discard legacy systems, said Kim. The rapid advancement of adversaries in cyberspace has diminished the room for extended decision-making on implementing new technology. Outdated systems must go, he said.
Implementation of the Cybersecurity Initiative is still underway, but it will be aided by the Cyber Culture Campaign, launching this year. The ongoing process of reviewing and discarding irrelevant Air Force directives will also support the push toward cyber defender innovation at the edge, said Kim.