Air Force Closer to Defining Its Cyber Security Mission

The Air Force, and by extension the Defense Department, has made strides toward understanding exactly what “cyber” means and what its mission in that realm should be, according the service’s chief scientist.
Air Force officials are putting the final touches on Cyber Vision 2025, a framework for upgrading the nation’s capabilities over the next decade.
“This is a new area, we’re trying to get our collective heads around it,” Mark T. Maybury, chief scientist of the Air Force, told National Defense Dec. 6. “This vision will help significantly with getting our heads around what capabilities we need, where the gaps are, and who we need to partner with. I’m happy with the progress we’ve made even in the past couple months since the chief’s comments.”
Maybury was referring to comments by Air Force Chief of Staff Gen. Mark Welsh, who said the cyber domain might be a little-understood money pit. In a September speech, Welshcharacterized cyber warfare as a "black hole" that needed to be better understood. Welsh said he would hold off funding major investments in cyber warfare unti requirements are defined more precisely.
Speaking Dec. 4 at a breakfast meeting in Washington, D.C., hosted by the National Defense Industrial Association, Maybury said Welsh’s comments were “spot on” at the time.
“Now we have a common, collective view of where we’re going and how to get there,” Maybury said of the vision statement. The document is being finalized by Pentagon officials and is scheduled for public release within a month.  
Executing the plan could cost up to $4 billion, Maybury said. There already is more than $500 million programmed into the current five-year budget for various cyber security programs.
Priorities include protecting information-centric weapon systems such as the highly computerized F-35 Joint Strike Fighter.
But the cyber domain does not stop at defense networks. A viable plan must take into account commercial intellectual property and financial systems that are vulnerable to unauthorized intrusions, said Mike Dudzik, vice president of science and technology at Lockheed Martin Corp.
“The U.S. has critical infrastructure that requires protection not only in the military, but the energy, banking, commercial and finance,” Dudzik said at the NDIA meeting.
At least 85 percent of U.S. digital infrastructure is not defended by the government, he said. The Defense Department alone has 15,000 computing networks that are connected to 7 million devices. All of them need protection, not just Air Force systems, Dudzik said.
By 2025, “unique threat signatures” in the cyber realm are expected to grow to 200 million annually.
“That could be a low figure because the attacks systems are being automated,” Maybury said.
Welsh and Air Force Secretary Michael Donley are leading a joint effort to figure out how the service will organize, train and equip for war in the cyber realm, Maybury said.
The Army, Navy and officials from other defense and governmental agencies were brought in to collaborate on the project. Nearly 100 responses to a request for information poured in from industry, Maybury said.
“Coordination on investments in cyber[security] are essential,” Maybury said. “All the gap areas [other services] have as much as we have, maybe with only a slight difference. Many of the themes in here are not explicitly Air Force unique.”
A major difficulty is defining the boundaries of the cyber domain. The F-35 is 90 percent controlled by software, which raises the question of whether it should it be treated as an aviation asset or as a computing system at the periphery of a network, Maybury said.
Those and other complexities must be ironed out, because “this is not a domain this a one-off,” Maybury said.
Photo Credit: iStockphoto

Topics: Cyber, Cybersecurity