“Are we organized correctly to defend our weapon systems from the cyber threats of the future?” asks Gen. John E. Hyten, who leads Air Force Space Command. “The answer is, ‘No, we’re not.’”
The battle domains of space and cyber are divorced, largely, from the raw physical reality of war. To Hyten, these two uninhabited spaces mirror one another in another way. They are fields of data and information, and that’s what modern war runs on. “What are the missions we do in space today? Provide information; provide pathways for information; in conflict, we deny adversaries access to that information,” he told an audience on Wednesday at the Air Force Association’s annual conference outside Washington, D.C. The same is true of cyber.
The U.S. wages war with tools that require a lot of information, from live camera feeds from AC-130U aircraft over the rocky hills of Afghanistan to the command-and-control links connecting operators in the Nevada desert to the MQ-9 Reapers circling the plains of Syria and Iraq. Inevitably, more adversaries will eventually employ data-connected drones and gunships of their own. The heavy information component of modern-day weapons, particularly those wielded by air forces, also creates vulnerabilities. Air Force leaders this week discussed how they are looking to reduce the vulnerability for the United States while increasing it for adversaries.
Shields Up
The first step in defeating an adversary in the cyber domain is to have fewer exploitable vulnerabilities. The Air Force is working along what Gen. Ellen Pawlikowski, who leads Air Force Materiel Command, called “lines of attack,” to reduce exploitable bugs or poorly defended systems.
Pawlikowski said the most important line of attack is “mission threat analysis”: knowing how different operations and missions might present different opportunities for enemy attack. Put another way, it means understanding “what’s needed to accomplish a mission and the attack surfaces therein.”
Consider an F-16 mission. The jet takes off to engage a selected target. The pilot drops a JDAM from the air and returns home. Not much opportunity to hack into the plane, right? When it lands, the maintenance crew will connect it to automatic test equipment. “That’s a computer, isn’t it?” Pawlikowski said. “We’ve just introduced a threat to the F-16.” Then there’s the computer-generated mission data, the intel pulled from the distributed common ground system, or DCGS, and more.
“When you go through the mission thread needed to conduct an attack, you find cyber threat surfaces all over the place,” she said.
Identifying them should be seen not as maintenance but “situational awareness,” she said. Researchers from RAND and Mitre are already helping the Air Force with those assessments.
But hardening every weapon system against cyber attack, particularly older pieces of equipment, can be costly. And you’ll always miss something. That’s why resilience is just as important as strong walls. Pawlikowski emphasized the need for equipment and systems that use open architectures — what she called open mission systems — to allow easy swapping and sharing of parts and code. “I want to take something that I develop on one weapons system and apply it to another weapons system” rapidly and at low cost, she said.
Fangs Out: Cyber Offense
If you can block attack surfaces, or use your flexibility to quickly recover from a defensive breakdown, you next need offensive cyber weapons and people to fire them. The Air Force has a shortage of both, said Hyten.
“We don’t have the cyber weapons systems fully mature that we need to defend our capabilities,” he said. “We’re giving those to a cyber protection team, for example, and when they go out to a wing, or out to a mission, they look at how we defend those systems and they develop very unique capabilities. When they leave the wing, they take that stuff with them.”
Ten years from now, the Air Force will have Cyber Operations Squadrons “that will be assigned to the operations group, not the mission support group,” he said. Those squadrons will be tasked with defending weapons and conducting offensive operations.
The seeds of those squadrons today take the form of the 17 “pathfinders” — basically, airman embeds who are pioneering the field.
But the military is looking to expand its cyber missions long before then, at least in terms of the core Cyber Command mission sets of defending DOD networks, supporting combatant commanders, and backing up the Department of Homeland Security if some attacker lands a blow of “significant consequence” on infrastructure.
By the end of this month, 133 Cyber Mission Force Teams will reach initial operating capability, said Air Force Lt. Gen. James K. “Kevin” McLaughlin, the deputy commander of Cyber Command. “We’re in the embryonic phase of building other capacities…such as the infrastructure to conduct our offensive and defensive operations, cyber situational awareness, and C2 (command and control) capabilities.”
In 2017, the Defense Department budget for cyber operations will reach $6.7 billion, up 16 percent in a year. That bump largely funds the Cyber Mission Force.
“The first priority for us is going from where there is not much to having, rapidly, people, units, concepts, and capability to conduct cyber warfare. I think we’re well on track to do that,” McLaughlin said.