Air Force operationalizes new cybersecurity plans

Key elements of an Air Force seven-lines-of-attack cybersecurity initiative are being implemented across the force.

The Air Force is now operationalizing several key elements in its comprehensive cybersecurity plan, designed to analyze and mitigate attacks while also building cyber resilience into new weapons systems and platforms early in the acquisition process, service leaders said.

The implementation is multi-faceted, including a wide range of initiatives now being accelerated into operations and weapons development. Some of these include engineering hardware such that it can quickly integrate new patches or security fixes as they emerge, using more computer automation to detect and track cyber intruders, standing up specific cyber squadrons, and identifying potential cyber vulnerabilities at the beginning of a weapons or technology development effort.

As part of this, Air Force leaders have established a new unit tasked with protecting weapons systems by diagnosing and addressing cyber intrusions and attacks.

The Cyber Resilience Office for Weapons Systems, or CROWS, seeks to examine how the Air Force fields and sustains its weapons when it comes to cybersecurity, said Lt. Gen. Arnold Bunch, Jr., military deputy, Office of the Assistant Secretary of the Air Force for Acquisition.

The aim of the office is to analyze the vulnerabilities that exist in weapons systems and address potential problems such as intrusions, malicious activities and cyberattacks.

 “It is like a response team that can go to program offices and help them analyze an incident. They do an analysis and postmortem on what happened,” Bunch said.

Service officials said that part of this initiative involves adding more cyber resilience to legacy weapons systems, which are also increasingly reliant upon computer technology.

CROWS was engineered, in large measure, to recognize the growing scope and influence of the cyber domain necessary to strengthen cybersecurity for emerging platforms and existing platforms such as an F-16, F-15 or F-35, Brig. Gen. Kevin Kennedy, the director of Cyberspace Operations and Warfighting Integration, said earlier this year.

Bunch also emphasized that operationalizing these measures is the next step in an evolving the Air Force cyber plan outlined last year.

Gen. Ellen Marie Pawlikowski, commander, Air Force Materiel Command, has explained the inspiration and direction for the initiative, called seven lines of attack.

A key impetus for the effort, as outlined in the first line of attack, is working to secure mission planning and recognizing cyber vulnerabilities, Pawlikowski explained.

For instance, she explained that prior to embarking upon a global attack mission, an Air Force F-16 would need to acquire and organize its intelligence information and mission data planning -- activities that are almost entirely computer-dependent.

“We did some mission planning before we got that in the air. Part of that mission planning was uploaded into a computer,” Pawlikowski said.  “An OFP [operational flight plan] is developed using software tools, processors and computers. When you lay out a mission thread it takes to conduct a global mission attack, you find that there are cyber threat surfaces all over the place. How do you make sure your F-16 is secure? We need to address each and every one of those threat surfaces.”

The second line of attack is described in terms of technology acquisition and weapons development procedures. The idea, Pawlikowski said, was to engineer future weapons systems with a built-in cyber resilience, both protecting them from cyberattacks and allowing them to integrate updated software and computer technology as it emerges.

“We want to understand cybersecurity as early as we can and develop tools that are needed by program managers. We want to engineer weapons systems that include cyber testing in developmental and operational tests,” she said.

Bringing the right mixture of cybersecurity experts and security engineers into the force is the thrust behind the third line of attack, and working to ensure weapons themselves are cyber resilient provides the premise for the fourth line of attack.

“We can’t take 10 years to change out the PNT [precision, navigation and timing] equipment in an airplane if there is a cyber threat that negates our ability to use GPS,” Pawlikowski explained.

Part of this equation involves the use of an often-described weapons development term called “open architecture,” which can be explained as an attempt to engineer software and hardware able to easily accommodate and integrate new technologies as they emerge. Upon this basis, weapons systems in development can then be built to be more agile, or adaptive, to a wider range of threats and combat operating conditions.

In many cases, this could mean updating a weapons system with new software tailored to address specific threats. 

“Open mission systems enable me in avionics to do more of a plug-and-play capability, making our weapons systems adaptable to evolving cyber threats,” she explained.

The fifth line of effort involves establishing a common security environment for classification guides to ensure a common level of security, and the sixth line of attack involves working with experts and engineers with the Air Force Research Laboratory to develop built-in cyber hardening tools.

For instance, Pawlikowski explained that by the 2020s, every Air Force base would have cyber hardening “baked” into its systems and cyber officers on standby against potential cyberattack.

Preparing to anticipate the areas of expected cyber threats and, therefore, developing the requisite intelligence to prepare, is the key thrust of the seventh line of effort.

“We planned and built our defenses against an expectation of what our adversary was able to do. We need to understand where the threat is going so we can try to defend against it,” Pawlikowski said.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.