Air Force's cyber boss: Military needs to innovate at 'cyber speed'

Two of the common, long-running criticisms aimed at the Defense Department are that it has a lethargic acquisition process and, during peacetime, falls short on innovation. The two appear to converge in the emerging cyber domain, as threats move at what many describe as “cyber speed.”  In wartime, the military attracts and leverages “some of the most innovative folks on the planet,” Steve Blank, an instructor for the new Hacking 4 Defense course at Stanford University, said this month. “It’s just that when they get back to peacetime, they collapse back to one of the most bureaucratic organizations on the planet.”

DOD recently has taken aim at this innovation deficiency in a project called the Third Offset Strategy, the brainchild of Deputy Defense Secretary Robert Work and Vice Chairman of the Joint Chiefs of Staff, Air Force Gen. Paul Selva. The speed and pace of cyber threats are bombarding network defenses and forced the military services to think outside the box in more rapid and innovative fashions.

“We have a pretty established acquisition fielding process in the Department of Defense, so it doesn’t move at the speed of cyber, let’s put it that way. That’s always a challenge,” Maj. Gen. Burke “Ed” Wilson. commander of the 24^th Air Force, or AFCYBER, told Defense Systems. Wilson also confirmed that there will be a change of command at 24^th in mid or late June, saying Maj. Gen. Chris Weggeman – currently serving at the U.S. Cyber Command in the J-5 role, or in strategy and plans – will take over the command and just received his second star last week.    

On the eve of his departure, Wilson offered his assessment of some of the challenges of standing up an entirely new force in a new domain, and talked about what’s to come. The dynamics of cyberspace, he said, posed a significant challenge to establishing new cyber force – particularly since the 24^th was simultaneously in the fight during the build, which should reach full operational capability by September 2018.

“We’ve come up with some pretty innovative strategies on how to put new capabilities in people’s hands. We’re using the Air Force’s weapons systems approach, which is how we normally purchase most things…that’s worked real well, so we’re proud of that,” said Wilson, who also commands Air Forces Cyber under the U.S. Cyber Command as well as Joint Forces Headquarters-Cyber, which will also go to Gen. Weggeman in June.      

These strategies for getting capabilities out as fast as possible are necessitated by the old military adage that says the enemy gets a vote. Noting how fast the pace of cyber threats are today, Wilson said he has yet to find a comparative historical example. “It’s a challenge because they move so fast,” he said lumping all cyber threats – from nation states, non-state groups, criminal organizations and so on – together. 

For context, according to a presentation last week  given by Air Force Lt. Col. Patrick Daniel, deputy director for Strategy and Plans at Joint Force Headquarters-DOD Information Networks, in a single day 8.2 million emails traverse DOD networks, resulting in 43,000 attempted intrusions and 30 suspicious events requiring human analysis. When scaled up to a year, the numbers jump to 3 billion, 16 million and 11,000, respectively.   

One of the ways the Air Force is addressing this challenge is through the establishment of a cyber proving ground, first announced in December by Col. Robert Cole, director of Air Forces Cyber Forward. “The Cyber Proving Ground’s focus is to really partner, so we have some organic capabilities to develop unique tools. But in most cases, industry’s already addressed some of those problems,” Wilson said, noting that the pace of the threat and “cyber speed” has forced the service to be more nimble, agile and innovative. “What we’re seeing is in our defensive action – and some of our potentially offensive actions, our command and control, situational awareness, some other lines of effort – is the need to be able to field very rapidly applications, capabilities…that actually we can put in our operators’ hands very aggressively, very quickly.”

“I would describe what happens in the commercial sector and innovation as sort of like a grass fire. If somebody doesn’t stamp it out it’s always burning. And it’s going to consume an awful lot of territory but it happens slowly and then it jumps. I would describe innovation in the Defense Department as a forest fire: ‘Holy sh*t, we’re on fire, let’s put it out,’” Selva candidly admitted at the McAleese & Associates and Credit Suisse 2017 Defense Programs conference March 10. “So we go through these periods in the department…one leader or two says ‘innovation is important, we have to figure out a different way to do what we’re doing, we have to get better at this,’ and we get a step change. And the next leader comes in and says, ‘Stop. What you’re doing scares me. I don’t understand it. I don’t like it. It doesn’t comport with my view of how military organizations are led', and they put out the forest fire.” 

The Cyber Proving Ground, which forces will move into in May, is aimed to be a collaboration between “acquisition community and our operations community to bring small projects in and work with industry, work with the labs, work with academia, to be able to take a look, assess very rapidly from an operations perspective and then make decisions on whether we want to field or not,” Wilson said. It’s modeled after the large tech firms with open spaces – no cubicles – to engender collaboration. In taking concepts, teams will assess tools from an operational perspective and “try it out quickly over on a range that we can set up…and then learn from it. If it looks good, roll it into operations, if not, we’ll send it back to the team that’s doing the thinking and maybe modify the behavior and then come back in weeks to months – might be months – and then try it again with the modified behavior,” Wilson said. “Think big, start small, scale fast – that’s the mantra we’ve given the team. So we want them to be very aggressive,” he added.

The initial focus of the teams will be in command and control – battlespace awareness, situational awareness – defensive cyber operations and offensive cyber operations.  However, the idea is not to undertake daunting projects such as reconfiguring Air Force networks.  “If you noticed, I didn’t include network operations…We’ll get to that but I don’t want the team trying to re-architect the Air Force network in the first project.  We want very quick hitting progress,” he said noting that the aforementioned focus areas tend to be fairly small applications.  

In terms of moving toward full operational capacity, Wilson offered both strategic and tactical challenges. Strategically, Wilson said, learning how to scale operations as capacity is added will involve a learning process. These same difficulties will be seen at a more immediate and tactical level as well, with additional challenges associated in maintaining training and deploying capabilities in the immediate term.   

Regarding recruiting and retention, Wilson noted that the Air Force has had many problems. For open positions, the force has had several qualified candidates to fill them. Wilson did express concern, however, of needing to motivate individuals, citing the pay discrepancy between the more lucrative private sector and government as a potential competitive problem, although to date this has not been much of an issue. Wilson attributed this to the mission set folks can work with the Air Force’s cyber teams.  

Wilson also offered an update to the Air Force’s Task Force Cyber Secure, which was established by Air Force Chief of Staff Gen. Mark Welsh III in March 2015 to focus on three main lines of effort: diagnosing of the extent of the cyber threat and vulnerabilities that impact core missions; making plans for risk management development to enable aircraft to fly and win in cyber-contested domains; and making recommendations for investment priorities on how to address cybersecurity challenges. 

Wilson said as a result of Task Force Cyber Secure, the acquisition community has worked across its portfolio to field new capabilities and conduct operations, even establishing a center of excellence for cyber. 

The force has also established an initiative called Communications Squadron Next to look at the skills and capabilities needed within communication squadrons as a means of providing resiliency to installations for all cyber missions. Communications Squadron Next, as explained in a recent Air Force release, is “a restructuring of base communications squadrons. The focus will be for comm squadrons to shift more from an information technology to a mission assurance focus. Traditionally, the communications squadron's role was to provide support for any IT device or service used for communication, like radios, giant voice, etc. Comm Squadron Next will help mobility airmen understand the process for their wing operations to be successful, and they will speak the same language.”   

Wilson said that Supervisory Control And Data Acquisition systems used in infrastructure as well as mission systems such as the F-22 and F-35 aircrafts and GPS control stations must be resilient in the face of increasing attacks. “We believe that the comm squadron will be … really our core capability, but we need to transition that in some fashion to be able to provide mission assurance in those other areas,” he said. “So that’s been a real focus with the Task Force Cyber Secure.”