909th KC-135 trains ROKAF F-15, 18th AES aircrews.

909th KC-135 trains ROKAF F-15, 18th AES aircrews. US AIR FORCE / PETER REFT

How the US Air Force is Rapidly Mobilizing For Cyber War

New ideas about defense and new tables of organization are reshaping the service’s ideas about battle.

“Are we organized correctly to defend our weapon systems from the cyber threats of the future?” asks Gen. John E. Hyten, who leads Air Force Space Command. “The answer is, ‘No, we’re not.’”

The battle domains of space and cyber are divorced, largely, from the raw physical reality of war. To Hyten, these two uninhabited spaces mirror one another in another way. They are fields of data and information and that’s what modern war runs on. “What are the missions we do in space today? Provide information; provide pathways for information; in conflict, we deny adversaries access to that information,” he told an audience on Wednesday at the Air Force Association’s annual conference outside Washington, D.C.. The same is true of cyber.

The U.S. wages war with tools that require a lot of information, from live camera feeds from AC-130U aircraft over the rocky hills of Afghanistan to the command-and-control links connecting operators in the Nevada desert to the MQ-9 Reapers circling the plains of Syria and Iraq. Inevitably, more adversaries will eventually employ data-connected drones and gunships of their own. The heavy information component of modern-day weapons, particularly that those wielded by air forces, also creates vulnerabilities. Air Force leaders this week discussed how they are looking to reduce the vulnerability for the United States while increasing it for adversaries.

Shields Up

The first step in defeating an adversary in the cyber domain is to have fewer exploitable vulnerabilities. The Air Force is working along what Gen. Ellen Pawlikowski, who leads Air Force Materiel Command, called “lines of attack,” to reduce exploitable bugs or poorly defended systems.

Pawlikowski said the most important line of attack is “mission threat analysis”: knowing how different operations and missions might present different opportunities for enemy attack. Put another way, it means understanding “what’s needed to accomplish a mission and the attack surfaces therein.”

Consider an F-16 mission. The jet takes off to engage a selected target. The pilot drops a JDAM from the air and returns home. Not much opportunity to hack into the plane, right? When it lands, the maintenance crew will connect it to automatic test equipment. “That’s a computer, isn’t it?” Pawlikowski said. “We’ve just introduced a threat to the F-16.” Then there’s the computer-generated mission data, the intel pulled from the distributed common ground system, or DCGS, and more.

“When you go through the mission thread needed to conduct an attack, you find cyber threat surfaces all over the place,” she said.

Identifying them should be seen not as maintenance but “situational awareness,” she said.  Researchers from RAND and Mitre are already helping the Air Force with those assessments.

But hardening every weapon system against cyber attack, particularly older pieces of equipment, can be costly. And you’ll always miss something. That’s why resilience is just as important as strong walls. Pawlikowski emphasized the need for equipment and systems that use open architectures — what she called open mission systems — to allow easy swapping and sharing of parts and code. “I want to take something that I develop on one weapons system and apply it to another weapons system” rapidly and at low cost, she said.

Fangs Out: Cyber Offense

If you can block attack surfaces, or use your flexibility to quickly recover from a defensive breakdown, you next need offensive cyber weapons and people to fire them. The Air Force has a shortage of both, said Hyten.

“We don’t have the cyber weapons systems fully mature that we need to defend our capabilities,” he said. “We’re giving those to a cyber protection team, for example, and when they go out to a wing, or out to a mission, they look at how we defend those systems and they develop very unique capabilities. When they leave the wing, they take that stuff with them.”

Ten years from now, the Air Force will have Cyber Operations Squadrons “that will be assigned to the operations group, not the mission support group,” he said. Those squadrons will be tasked with defending weapons and conducting offensive operations.

The seeds of those squadrons today take the form of the 17 “pathfinders” — basically, airman embeds who are pioneering the field.

But the military is looking to expand its cyber missions long before then, at least in terms of the core Cyber Command mission sets of defending DOD networks, supporting combatant commanders, and backing up the Department of Homeland Security if some attacker lands a blow of “significant consequence” on infrastructure.

By the end of this month, 133 Cyber Mission Force Teams will reach initial operating capability, said Air Force Lt. Gen. James K. “Kevin” McLaughlin, the deputy commander of Cyber Command. “We’re in the embryonic phase of building other capacities...such as the infrastructure to conduct our offensive and defensive operations, cyber situational awareness, and C2 (command and control) capabilities.”

In 2017, the Defense Department budget for cyber operations will reach $6.7 billion, up 16 percent in a year. That bump largely funds the Cyber Mission Force.

“The first priority for us is going from where there is not much to having, rapidly, people, units, concepts, and capability to conduct cyber warfare. I think we’re well on track to do that,” McLaughlin said.