event coverage

Red flag exercise
The US Air Force has been working toward full integration of cyber into its tactical operations for the last several years. Here, Army Chief Warrant Officer 2 Michael Lyons looks through information on a workstation inside the Combined Air and Space Operations Center-Nellis during Red Flag 14-1 Feb. 5, 2014, at Nellis Air Force Base, Nev. This is the first exercise that truly integrates advanced operational and tactical air, space and cyber training in a live, virtual, constructive environment. Lyons is a Joint Tactical Communications Office communications operator. U.S. Air Force photo/Senior Airman Brett Clashman.

Warfighting in a Cyber-contested Environment

The Air Force general officers who participated in this panel were guarded and general in their remarks, clearly unwilling to give much away in terms of specifics but equally concerned to express the Service's commitment to developing and exercising a full range of capabilities in the cyber domain. Their two civilian interlocutors were somewhat more forthcoming. The overflow crowd, in which uniformed USAF personnel were a heavy majority, listened attentively.

This late afternoon discussion wrapped up the presentations on the first day of the Air Force Association's Air, Space, and Cyber Conference. The panelists included Lieutenant General John W. Raymond, Deputy Chief of Staff for Operations (A-3); Lieutenant General William J. Bender, Chief, Information Dominance and Chief Information Officer (A-6); Marty Roesch, Vice President and Chief Architect, Cisco Security Business Group; and Brian Rexroad, Executive Director, Threat Analytics, AT&T Chief Security Organization.

A view from the A-3: cyber has become a full operational domain.

Lieutenant General Raymond briefly reviewed the Secretary of Defense's 4+1 construct that indicates the principal adversaries the US faces: China, Russia, Iran, North Korea, and terrorist movements. He noted that it presented a dynamic challenge, "global, transregional, multi-domain, and real." All the domains, including the cyber domain, are becoming more contested.

Raymond regards Operation Inherent Resolve, the international coalition operation against the Islamic State, as the first war to integrate cyber holistically into operations. Thus, he said, cyber is no longer a support function, but a critical operational domain. He quickly reviewed organizational changes designed to integrate cyber capabilities into Air Force missions: cyber operations flights are standing up in every wing, Comm Squadron Next aims at mission assurance, and thirty of thirty-nine planned cyber teams have achieved initial operational capability.

The most significant unresolved challenge, the A-3 repeatedly stressed, was developing effective command and control that could integrate operations across the air, space, and cyber domains.

A view from the A-6: IT modernization as cultural shift.

"Congress has told us it's not an acquisition program," Lieutenant General Bender said, as he noted that IT modernization would not succeed if it proceeded as a legacy process carried out in isolation from the Service's warfighting imperative. He thinks it important that the Air Force's IT infrastructure not be "disaggregated," and he agreed with Lieutenant General Raymond that the real challenge in operating across the Air Force's three domains was command and control. He thinks the development of such command and control will inevitably involve a cultural shift.

The A-6 stressed the need for efficiencies and economies. "We ought to be hardwired to commercial, COTS, as-a-service offerings, wherever possible, to derive efficiencies," he said. "We often don't know what's available to us. From a policy perspective, we're not used to it. We are a do-it-for-yourself enterprise, culturally." The Air Force wants to change this, and will seek to leverage what industry has to offer in ways that bring in new capabilities.

A view from industry: global challenges demand global resolution.

Cisco's Roesch put the challenge simply. After describing the ways in which enterprises currently secure themselves, with an array of products more or less converging in a SIEM, he said, "We're evolving our security infrastructures to interoperate the way they've never interoperated before. The norm for cybersecurity is that best-of-breed products don't interoperate. I'm trying to build an infrastructure that does interoperate." He sees a lot of time being spent on sharing information across organizations. "We're trying to move to an infrastructure that does that automatically. We must break out of the mold where everyone and every device is an island.

AT&T's Rexroad argued, "For all practical purposes, there is no cyber defense in this country. Everyone is responsible for protecting his own computer." He sees the way forward as involving work along three lines: First, increasing virtualization, which brings security as close as possible to the applications being protected (as opposed to attempting to secure a single big environment) and which also offers great opportunities for cost reduction. Second, he sees work to be done in identity and access management, an area in which he believes the Department of Defense is ahead of industry. And third, he believes threat analytics is the last key to enhanced security.

Both Rexroad and Roesch saw the future as lying in increased automation, where human watchstanders supervise, but no longer need to be the means by which information is shared and protective action is coordinated.

Questions: Title 10 versus Title 50, the challenges of coalitions, and a look at the future.

In response a question that asked if he could foresee a time when cyber capabilities would be used under Title 10 (essentially, military) as opposed to Title 50 (essentially, intelligence) authorities, General Raymond answered, simply and unsurprisingly, "I do think so. We have to get those capabilities into the hands of our operators. We always have these conversations." He thought that cyber changes the operational level of war, and that commanders would have to look at tactical timelines to determine when they should request the proper authorities. "I don't think," he said, "we'll get carte blanche authorities."

On sharing information in coalition operations, a question asked if the cyber domain posed particular challenges. Raymond stressed, in reply, that cyber is an operational domain, and that coalition information sharing in this domain didn't differ in kind from information sharing in other domains. He drew a number of analogies with space operations to support this point.

Roesch took up the same question. He thought information sharing continued to be a big problem, and that industry faced this challenge as well. "Not only are agreements not in place, but the mechanisms that move from information to action are human beings, with all the possibilities for divergent interpretation, and so on that implies." We should, he stressed, "disintermediate" the human being—keep the human in a supervisory and "be-informed" capacity as opposed to using human beings as information dissemination mechanisms.

Finally, the panelists were asked about the future. What do they see coming in the next five years? Alternatively, if someone were to walk into their office and say they could solve a problem, what problem would you most like to see solved?

Rexroad saw pervasive connectivity: "In five years everything will be connected."

Roesch saw movement toward coordinated response, enabled by automation. He wants us to not merely share information, but also share an integrated response to threats.

Bender had three wishes: "I would hope to have the ability to drive automation in a way that leverages best-of-breed in industry so that we could put our manpower resources on the toughest problems. I would want us to understand that innovation involves a cultural mindset shift. And I'd like to do more on public-private partnership."

Raymond (after joking to much laughter on the part of junior officers in attendance that he'd like the person who walked into the office to give him some more hair) took the final work. He thought that cyber, in the context of multi-domain operations, has "completely revolutionized the way we fight." And we have yet to figure out command and control for such multi-domain operations.