Cyber Command - Skinner

24th Air Force (AFCYBER)
Col Robert Skinner
Commander, 688th Information Operations Wing
OVERALL CLASSIFICATION OF THIS BRIEFING IS UNCLASSIFIED
11 Jun 10
Unclassified
24 AF Perspectives on Cyberspace
• Only operational domain that is man-made
• Physical Domain (A place, Not a mission)
• Where Operations are conducted (Like Land, Sea, Air & Space)
• Integrate operations conducted across domains (don’t integrate domains)
• About Mission Assurance (not Network Assurance)
“Cyberspace is not a mission, it is a place where operations are conducted … and is about assuring the mission, not about assuring the network”
– Maj Gen Dick Webber, AFNS, 20 Nov 09
Joint C2 Relationships
[Organization chart. Node labels: STRATCOM, JFCOM, COCOMs, USCYBERCOM, CSE, LNO?, ACC, AFSPC, ACCE, C-MAJCOM, AFCYBER, (24 AF*), 624 OC, AF CYBER FORCES, Combat Communications Forces, C-NAFs, COLE, AOC, Hunter Team, DAL, CC Intentions, CC Priority. Link labels: As Required, AEF Tasking, Lead MAJCOM MOU, Desired.]
ACCE – Support to:
- Joint planning
- Targeting
- Weaponeering
- Interagency coord
- Synchronization
- COCOM/OPLAN CCIR
- Joint effects
- Deconfliction
- Other cyber components
COLE – Provides support to:
- Theater planning
- Joint effects coordination
- Mission assurance
- Synchronization
ACCE: Air Component Coordination Element
COLE: Cyber Operations Liaison Element
CSE: Cyber Support Element
DAL: Defended asset list
AF Cyber Force Capabilities
14 AF: AFSTRAT, 614 AOC
8 AF: AFSTRAT, 608 AOC
24 AF / AFNETOPS: AFCYBER, 624 OC*
Operational Integration
AFISRA
• Cyber C2
• Operational planning
• Mission integration
• Cyber fusion
Direct Support
ARC Forces / 67th NWW
• Combat Comm
• Full Spectrum NetOps
• Engineering and Installation
• Net Control
• Blue Team assessment
• ESSA
• CORA
• Full Spectrum Cyber Ops
• AFCERT*
• MCCC
• 3x(CACS)
688th IOW
• Hunter teams
• TTPs
• Cyber OT&E
• Rapid tool development
• Blue Team assessment
• Engineering and installation
689th CCW
• Combat Comms
• Hammer Ace
• Global Net extension
659th ISRG
• SIGINT support
• Threat analysis
• NTI
• Threat warning
• Target development
• Law Enforcement/AFOSI Presence
ESSA: Electronic System Security Assessment
CORA: Cyber Operational Risk Assessment
Hammer Ace: Rapid deployable comm
NTI: National Tactical Integration
Acquisition & Development Process
• Increasingly dynamic environment
• Streamline acquisition processes
• Rapid capability delivery
• Meet warfighter needs
• Leverage DISA/NSA tools and capabilities
[Diagram labels: Ops & Innovation; Current; Rapid (UON/JUON); Foundational]
Mission Assurance vs. Network Assurance
Mission Assurance
• Operator business (A3)
• Assure mission accomplishment
• Focuses on operational need
• Prioritizes defense
• Establishes operational “crown jewels”
• Integrates intelligence preparation into threat response
• Response to attack: fight through
Network Assurance
• Service provider business (A6)
• Assure the network works
• Focuses on service availability
• May deny mission to ensure the network is protected
• Attempts to defend everything
• Can dismiss the greater threat due to lack of tangible effects
• Response to attack: disconnect
Our Mission Is To Make Sure The Warfighter Can Perform The Joint Mission
Priorities
• Real time situational awareness
• Filter mountains of data for relevance
• Be proactive with vigilant monitoring
• Standardize network architecture
• Fight through an attack
• Reroute critical traffic
• Kill malicious traffic
• Respond with active forces
Build The Foundation For The OODA Loop
Challenges
• Cyber: High demand, low density
• Command and control at the speed of war
• Real-time situational awareness
• Size and complexity of the network
• Heterogeneous networks
• Time to build Cyber capabilities
• Advanced adversaries
Services Working Together
• CJCSM 6510.10 directs services to: “share and corroborate [incident info] for validation and situational awareness.”
  • Accomplished through incident reporting process
  • Response actions directed by USCYBERCOM via TCNOs, IAVAs or OPORDS as needed
• Joint Exercise BULWARK DEFENDER
  • Annual CND exercise, all services participate
  • Robust scenarios developed by services and USSTRATCOM
  • Services attend valuable lessons learned conf. POST-EX
• Service Liaison Officers
  • 688 IOW has LNOs from all services and NSA
  • Ensures valuable exchange of tactics and lessons learned
Teaming with Industry/Academia
• Working on partnerships with large enterprise-focused commercial companies
• Academic Partnerships:
  • Saint Mary’s University Cyber Security Conference
  • Defense Technological Cluster (DTC)
  • Air Force Institute of Technology
  • UTSA
  • Vanderbilt
  • George Mason
“We must establish close & continuing relationships with our joint partners, industry and academia”
- Secretary of the Air Force, “Air Force Cyberspace Mission Alignment”, 20 Aug 2009
24 AF Way Ahead
• Build cyber situational awareness
• Create mission assurance paradigm
• Normalize NetOps and defense
• Complete Ops Center transformation
• Operationalize cyber C2
• Space and Cyber integration
• Mature joint relationships
• Partner with industry
• Increase capacity
• Total Force Integration
• Grow component-NAF staff
Crawl → Walk → Run