Air Force aims to replace its insecure VIP flight scheduling system

The "categorically inadequate" cybersecurity of the Air Force's system for managing flights for top government officials has the service looking for a new, cloud-based app, according to a sources-sought notice posted on SAM.gov. 

The military branch’s AF/A3M office “specializes in managing Very Important Person Special Air Missions,” including validating, overseeing, and handling these flights. 

Recent directives from the Pentagon and other agencies have pushed the office to adopt “a more secure, efficient and compliant management system” that meets the enhanced security and operational requirements outlined in this guidance.

The Air Force’s Aug. 5 notice said it is looking for an “airlift scheduling management cloud application” that can, in part, handle “66 active Department of Defense aircraft, totaling around 20,000 flight hours yearly, and accommodate an extra 70 notional DoD aircraft or utilize a forecasting scheduling tool.” 

The branch said this tool, in part, should support scheduling requests and mission operations, maintain crew and traveler contact information, manage certifications and securely store data.

The Air Force said that enhanced cyber protocols, however, remain its top concern when it comes to adopting the cloud-based application. 

“This new system is essential due to significant cybersecurity vulnerabilities identified in the existing scheduling system,” the notice said. “The current system not only falls short but is categorically inadequate in meeting the rigorous cybersecurity posture required by the DOD and USAF standards.”

The branch said it is looking for a system that includes robust monitoring capabilities, conducts frequent risk assessments, includes strong password policies and access control measures and utilizes “encryption technologies for data protection.”

The contract is for 12 months, with four additional one-year optional licensing periods.