At a Cyber Crossroads

June 1, 2012

The Defense Department’s networks are probed by unauthorized users close to 10 million times a day, and the threats are increasingly sophisticated, said Gen. William L. Shelton, commander of Air Force Space Command, at the Air Force Association’s second annual CyberFutures Conference in late March.

In most of those attacks, the assailants are attempting to steal proprietary information, degrade or shut down military operations, or insert malware to be activated at a later date.

“Many of these activities are detected, and I would submit that we’re darn good at protecting our networks,” said Shelton at the conference in National Harbor, Md. “Many, we surmise, however, remain undetected. The bad guys, frankly, are very good, too.”

In fact, cyberspace has become particularly attractive to US adversaries, especially less developed countries, because the “price of admission to the fight is so low,” said Shelton. Just about anyone can wreak havoc on US networks as long as they have the right brainpower, a cheap laptop, and an Internet connection. The US military is an inviting target, because it relies on cyberspace-based capabilities for almost every mission.

Air Force Chief Scientist Mark T. Maybury said the “most menacing threat” the US will face in the coming years will involve cyber espionage conducted by China, Russia, and Iran. However, he cautioned, the entire domain is highly contested and unlike the air domain, it will be extremely difficult to obtain superiority in cyberspace.

“Our responsibility in terms of national security is to protect the security of those systems,” said Maybury. “We’re moving from an environment [that has] gone from a fairly static and fairly uncontested, … uninterested environment, as a matter of fact, … [into a] highly fluid, dynamic decision-making environment where time is of the essence. And we’re talking 15 milliseconds.”

That’s why USAF has tried to protect cyber funding in the President’s Fiscal 2013 budget request. That request includes $4 billion for “cyberspace superiority,” said Air Force Secretary Michael B. Donley at the conference.

If approved, that funding will be used to invest in advanced technologies for monitoring and securing classified and unclassified networks. It also will support the ongoing migration to a single Air Force network, which Donley said will increase situational awareness and improve information sharing capabilities.

“While Air Force leaders made many hard decisions to align the FY13 budget request with the new defense strategic guidance and with the cuts required by the Budget Control Act, we made a concerted effort to protect funding for the Air Force’s top priorities,” said Donley. “This is good news for Air Force cyber programs, which fared comparatively well in this constrained budget environment.”

However, he acknowledged that the cost of cyber operations actually could be much higher—when one considers communication program elements and other network information technologies spread throughout the budget that also impact the cyber domain.

Though cyberspace is typically associated with the Internet, in the Air Force, cyber encompasses wireless logistics systems, land mobile radios, cell phones, integrated air defenses, and satellites, as well.

A Decade of Decisive Action

“Defining a discrete set of cyber numbers is pretty difficult,” said Donley. “I don’t think it’s settled yet, which actually proves the point in how ubiquitous this technology is in every aspect of our work. It’s very pervasive so I don’t think the numbers matter all that much right now.”

In the future, the blending of air, space, and cyber domains must be transparent, officials said. Roughly 90 percent of the F-35 strike fighter’s functionality is delivered by software, said Maybury, who wondered whether that actually makes the next fifth generation aircraft the very first “cybercraft.” In addition, every Predator or Reaper sortie requires 60 to 80 network touch points, many of them on commercial networks, said Maj. Gen. Suzanne M. Vautrinot, commander of 24th Air Force at JBSA-Lackland, Tex.

“Who would design that way? … When you design a weapon system, cyber is part of that design. It has to be designed in from the front end in order to make this useful,” said Vautrinot, referring to the high number of network touch points for each remotely piloted aircraft mission.

As the US military moves beyond the wars in Iraq and Afghanistan, it will likely encounter more anti-access, area-denial environments, said Lt. Gen. Larry D. James, deputy chief of staff for intelligence, surveillance, and reconnaissance at the Pentagon.

Relying on one domain to answer tough intelligence problems will no longer be possible as the Air Force faces adversaries with sophisticated jamming systems. That could be problematic, considering the ISR enterprise relies on satellite communications and ground networks to flow a “staggering” amount of command and control information back and forth, said James.

“With legacy data links, the airborne layer of the grid has been fairly straightforward, but as we get to advanced tactical data links, which will become much more likely their own individual data network address, the seams between ground, air, and space layers could start to show,” said Shelton. He added, “In cyberspace, a risk accepted by one is a risk shared by all. Our adversaries are probing every possible entry point into the network, looking for that one possible weak spot. If we don’t do this right, these new data links could become one of those spots.”

Vautrinot said, “We are in the decade of decisive action for cyber,” which means the military must have the patience for and a vision of future cyber technologies. Even though it can be difficult to predict 20 months out in cyberspace, the Air Force is trying to forecast possible threats to this new, man-made domain out to 2025.

The study—known as Cyber Vision 2025—is the most difficult Maybury said he has ever conducted, let alone led. The vision paper will mimic the recent Energy Horizons and Technology Horizons studies conducted by the office of the Air Force chief scientist in the last two years and will articulate what science and technology gaps the Air Force expects in the near-, mid-, and long term.

The paper is due to Donley and Chief of Staff Gen. Norton A. Schwartz in mid-July, said Maybury.

“The original plan was that this would take a full year. … The bad news is we have very little time to put together the vision. The good news is that we have the entire Air Force … engaged in this,” said Maybury. “This is not only an S&T vision, it’s also going to include mission support, which includes acquisition, accessions, policy, perhaps even doctrine, although frankly, we haven’t spent a lot of time on doctrine.”

As part of the study, the Air Force has chartered an independent expert review group made up of two former Directors of National Intelligence, five former Air Force chief scientists, a former CIA director, and several nationally recognized cyber experts from national laboratories and academia to ensure the vision is top quality.

Air Force Space Command also is working on a Cyberspace Superiority Core Function Master Plan to help shape future funding and capabilities.

“Over time, the master plan’s strategy to reduce legacy defensive structures and processes, which are manpower-intensive, will allow the Air Force to recapitalize resources into more flexible and dynamic capabilities,” said Donley. The plan “will allow us to change the way the Air Force thinks about the cyberspace mission, essentially shifting our mindset on cyberspace.”

Thinking differently will be key if the Air Force wants to maintain an edge in cyberspace. Vautrinot said the Defense Department must move from a passive defense environment, where cyber experts are merely trying to catch up and figure out what the enemy did to the networks, into a more active era. That means changing the architecture from heterogeneous to homogeneous and automating that environment to free up more brainpower.

The Air Force currently has a capacity problem where complex sensors from sophisticated RPAs and ISR platforms are simply pushing out more information than analysts could ever hope to process. James cited a RAND study, which said that by about 2016 the US military would need about 100,000 analysts to do this job (up from 5,000 to 7,000 today). “So, obviously, we can’t do that,” he said. “We have to let the machine do a lot of that. Bringing the machines, the tools, the processes into this ISR domain, so we can do that process, dissemination, and exploitation, is absolutely critical.”

Vautrinot used a football analogy to explain the Air Force’s cyber defenses. Specifically, she cited the 1985 career-ending play for Washington Redskins quarterback Joe Theismann. During a Monday Night Football game, Theismann took the snap and handed the ball off to his running back, who in a complex play, then tossed the ball back to Theismann. “Up to now, the quarterback is defined by what the quarterback sees, but he’s about to be defined by what he doesn’t,” said Vautrinot.

Legendary New York Giants defensive end Lawrence Taylor came from behind and sacked Theismann, breaking his leg and ending his career on live television in what NFL viewers in an ESPN poll dubbed the “most shocking moment in history.”

“It’s important to think about the game-changing nature of defense and, more importantly, that you don’t want the adversary to come back and play another down,” said Vautrinot. “So you set yourself up in a proactive environment and you take advantage of what you understand about your network and what you understand about your adversary, because the adversary has a blind side. The adversary thinks we are doing nothing, and you can take that to the bank and, therefore, you can make it to your advantage.”

Needed: White Hat Hackers

Actively defending the network requires a layered defense, which is why the Air Force is putting hundreds of touch points on its network through a gateway structure. Such a system gives cyber experts the visibility and awareness they need, to know what’s going on across the architecture.

Going back to the football analogy, Vautrinot said cyber forensics is like watching game tapes. “When you look at forensics, you are looking at the game tapes over and over. And if you watch the game tapes, just like in sports, then you can predict what the play looks like. You can see the setup coming and you can get in the backfield long before the football is released. … If you know what the setup is going to look like, you can write a signature and you can prevent that setup from being effective in your neighborhood,” she said.

Most of the Air Force’s cyber priorities are defensive in nature because it is believed the service must establish a strong defense before it can “swing toward offensive cyber operations and contingency network extensions,” said Shelton.

However, Shelton warned that the lack of cyber recruits capable of accomplishing this mission is a “serious national security issue.” Although the Air Force is producing the right kinds of people on the backside of the pipeline, it just isn’t getting the right people, with the right backgrounds, in the front end.

Only about four percent of degrees granted in the United States are technical in nature. The eligible pool of recruits, though, is even smaller than that, considering the number of foreign nationals graduating with degrees in those areas, the number of people who actually want to work in national security, and the number of people who can pass a background check, said Shelton.

Nonmilitary organizations “also may pull some of that talent,” and of the remaining pool, “many of these folks aren’t the kind of folks that would necessarily take well to the military life,” he added.

Lynn A. Dugle, Raytheon’s president of intelligence and information systems, acknowledged the Air Force has an uphill battle recruiting the sometimes eccentric personnel needed to seize the initiative in the cyber realm. Though many of the most talented white hat computer hackers are more comfortable coming to work barefoot than donning a uniform, Dugle said there is no reason the service can’t attract the best.

“The most important element of attracting and retaining a great cyber team … is the quality of the work and the degree of the challenge,” she said. “While I think we’re very well-suited to perhaps relax some of the work environment rules, … the bottom line is you supply great work tools and interesting work, and the best of the best will come to you.”

Donley said the Air Force has made “considerable progress” in its efforts to meet the ever-evolving challenges of cyberspace, by fielding more than 45,000 trained and certified professionals.

It will continue building on those efforts this year by establishing three new cyber units—two Air National Guard information operations squadrons located in Washington state and California and one Air Force Reserve association with the Active Duty 33rd Network Warfare Squadron at JBSA-Lackland. The Air Force also plans to expand the Maryland Air National Guard’s 175th Network Warfare Squadron, he said.

“As we consider the future, it’s daunting to imagine the changes that may be in store for our nation,” said Donley. “But if the transformative air and space technologies of the 20th century are any guide to where we may be headed with cyberspace in the 21st century, we are in for an exciting adventure.”