OVERALL CLASSIFICATION OF THIS BRIEFING IS UNCLASSIFIED

24 AF Technology and Innovations

Brig Gen Mitchel Butikofer, Vice Commander


Mission

“American Airmen delivering full-spectrum, global cyberspace capabilities and effects for our Service, the Joint Force, and our Nation”

We Build, Operate, Secure, Defend, Extend, and Engage In, From, Through Cyberspace to FLY, FIGHT, and WIN for America!

“This is a warfighting HQ and so we will integrate all required Joint Component Warfighting functions into our Staff--One Staff, One mission. This construct will also drive improved Offensive and Defensive mission integration.”

Maj Gen Weggeman, Commander


Technology Office (TO) Mission

Mission

To advance technology of Air Force Cyberspace Operations by understanding the latest advancements within industry, academia, national and services labs, the Air Force science and technology community and other entities.

Major Projects

Cyber Proving Ground (CPG)

Cyber Multi-domain Innovation Team (CMIT)

AFSPC S&T

Partnerships

Current and Planned Efforts


CPG Summary

• CPG Projects: 18 Active (15 in Discovery/Early Involvement)
  • Offensive 7 (7)
  • Defensive 7 (6)
  • C2/SA 4 (2)
• UNCLASSIFIED Examples:
  • ICS Protection in evaluating 15 unique protocols to improve CVA/H
  • Assessing C2/SA capabilities for data analytics and visualization
  • Review available tools to automate threat correlation
• Focus/Way-Ahead
  • Current Projects heavy on organic innovation (318th roots)
  • Working a few MUAs from external partners. Area of growth!
  • Not leveraging industry and academia enough. The ORACLE will help!
  • Strengthening relationships/partnering with ops community


Cyberspace Multi-Domain Innovation Team (CMIT)

• Joint 24 AF - 25 AF team to satisfy component operational needs, exercising organic resources to tailor capabilities
• Leverage Cyber, EW and ISR platforms & processes—platform agnostic
• Requirements received from air components, CCMDs, and JTFs
• CMIT supports rapid prototype and TTP development/ops demos
• Capabilities go through CFLs & SPOs for sustainment (if necessary)


Other 24th AF/TO Efforts

AFSPC S&T Program
• Drive cyber operational perspective on S&T needs for AFSPC Core Function Support Plan
• Generate ideas and contribute to annual materiel concepts

Partnerships
• AFRL, MITRE, DIUx, USAFA’s CyberWorx

Current and Planned Efforts
• AT&T; CISCO & Microsoft engineers; ICS/SCADA analysis; Dr. Watson; TD/TA Summit; AF Innovation Summit


Other 24th AF Tech Efforts

• Automated Remediation and Asset Discovery (ARAD)
• Joint Regional Security Stack (JRSS)
• Enclave Control Node and Enclave NIPR Firewall & ASIM Sustainment Modification (ENFAAS)


Automated Remediation & Asset Discovery (ARAD)

IOC Declared: 15 Dec 2016

• Provide a real-time, standardized, simplified architecture/solution for rapid and automated Network Operations and Defensive Cyberspace Ops
  • Implemented on 500K+ endpoints
  • Plain language queries; Responds with current data in 1-15 minutes
• Automate Vulnerability Management (Patch Compliance)
  • Achieved 99.7% success rate on managed endpoints
  • Implemented 8 hour refresh automatically remediating managed endpoints
  • Building automated cyber scorecard status
• Defensive Cyberspace Operations (DCO)
  • Zero-Day responses across the enterprise in minutes
  • 1,500 Indicators of Compromise developed and operational
• Way Ahead
  • SAF/CIO will mandate ARAD on all endpoints across AFIN
  • Implement on all AFNet endpoints (includes Functional/Mission Systems)
  • Implement ARAD on all AFNet-S endpoints


Joint Regional Security Stack (JRSS)

• Provide a next-generation, standardized, enterprise defense-in-depth and consolidated Cyberspace Control for Department of Defense Agencies
  • Region-based stacks built out across the US, Army and Air Force migrating
  • Defense Information System Agency sustains & maintains stacks for Services
• Phase-based rolling capability installs
  • Deliberate planning for capabilities to be rolled into the stack as available
  • V 1.0 met Army needs, V 1.5 met USAF needs, V 2.0 in engineering/planning
  • All DoD to migrate, bases moving as US regions finish, overseas installs starting – new installs at latest version, old stacks upgraded on schedule
• Automated Failover and Routing
  • 2 stacks per region, 2 “sides” per stack, bases can re-align to any working stack (cross region) – ensures connectivity through catastrophic failures
  • Management & Control of stack also fails over and has multiple pathing options
• Way Ahead
  • Continue USAF migrations to US regional stacks, sharpen new ops processes
  • Awaiting installation and certification of overseas stacks for migration


Enclave Control Node and Enclave NIPR Firewall & ASIM Sustainment Modification (ENFAAS)

Planned Completion: 30 Sep 2016

• Replace End-of-Life & End-of-Support Sidewinder Firewalls with Next-Generation Palo Alto Firewalls
  • Replaces Active Duty & Air National Guard firewalls – 2 different architectures
  • Provides new capabilities, sustainment & lifecycle management for base boundary
• Next-Generation Boundary Defense
  • Upgrade from mid-2000s firewall to current hardware solution/capabilities
  • Module-based upgrades – as vendor develops solutions we can integrate them
• Builds Automated Security Incident Management (ASIM) into Boundary
  • Automated classification of network events for operator review
  • Reduces workload by consolidating number of devices needed for previous ASIM solution
• Way Ahead
  • Air Force Life Cycle Management Center providing “turn-key” solution
  • Plan for Operational Test and Evaluation to ensure operators can use system
  • Commence installs Mar/Apr 17


Other 24th AF Efforts

• Joint Force Headquarters – Cyber (JFHQ-C)
• Director of Cyber Forces (DC4)
• Cyber Security Services Provider (CSSP)


Multi-Domain C2 DNA

• Cyberspace Operations C2 DNA is maturing rapidly

JFHQ-FWD is the full-spectrum cyber integrator with supported CCMD

[Organization chart; labels: USCYBERCOM; J3 / JTF ARES; JFHQ-Cyber; AFCYBER; CMTs; CSTs; CCMD; JCC/J3; JFHQ-FWD (OCO/DCO); Air Component; DIRCYBERFOR; NKDO Shop; DIRSPACEFOR; OCO General Support To CCMD]

Chart callouts:

DIRCYBERFOR
• Plans, Coordinates, Synchronizes Full spectrum cyber ISO CFACC
• Fully integrated into AOC Divs
• 7 personnel: Dir +6

• FWD extension AFCYBER
• Plans, Coordinates, Synchronizes Full spectrum cyber ISO CCMD
• Approx 45 ppl for Geo CCMD


USAF 39 IOS

DIRCYBERFOR

Key Organize, Train and Equip Tasks
• Resource 39 billets (& grades) for FY18 implementation
  Spread throughout the AOCs: USAFE/AFCENT/PACAF/AMC
• Publish the Operations Concept
• Identify training: AOC, AFCYBER, USCYBERCOM and CCMD
• Incorporate cyber operations in AOC schoolhouse training

Key Conceptual Points
• Establishing internal and external relationships must be the starting point for the DC4
• Leverage best practices from DIRSPACEFOR/DIRMOBFOR constructs, but look at innovative solutions
• Standardization of the general concept is necessary, but flexibility in execution is expected
• DC4 successes from BLUE FLAG, PACIFIC SENTRY, ULCHI FREEDOM GUARDIAN and VIGILANT SHIELD should be incorporated into real-world operations

One-stop Shop for Integrated Full-spectrum Cyber Effects

[Organization chart; labels: CFACC; AOC/CC; Strategy Div; Combat Plans Div; Combat Ops Div; ISR Div; Air Mobility Div; DC4]

Chart billet labels:
• (2) 17S O-3/4 or 1B4 E-6/7
• (1) 17S O-3/4
• (1) 17S O-3/4 or 1B4 E-6/7
• (1) 14N / O-3/4
• (2) 1N4X / E-5/7


CSSP Responsibilities

Listed below are the CSSP tasks the 24th AF manages.

Categories: Protect, Detect, Respond, Sustain

• Vulnerability Assessment & Analysis
• Vulnerability Management
• Malware Protection
• INFOCON/CPCON
• Information Security Continuous Monitoring
• Insider Threat
• Warning Intelligence
• Attack Sensing and Warning
• Cyber Incident Handling
• Program Management
• Personnel
• Security Administration
• Service Provider Information Systems


The Future Is Here …

• TO provides 24 AF/CC and CV technical advice
• Focused on delivering capability
• 24 AF Accomplishment vs Activity: ARAD, DC4, JFHQ-C FWD, CSSP
