24th Air Force(AFCYBER)

Col Robert Skinner

Commander, 688th Information Operations Wing

OVERALL CLASSIFICATION OF THIS BRIEFING IS UNCLASSIFIED

11 Jun10

2

Unclassified

Unclassified

24 AF Perspectives on Cyberspace

• Only operational domain that is man-made• Physical Domain (A place, Not a mission)• Where Operations are conducted (Like Land,

Sea, Air & Space)• Integrate operations conducted across

domains (don’t integrate domains)• About Mission Assurance (not Network

Assurance)"Cyberspace is not a mission, it is a place where "Cyberspace is not a mission, it is a place where

operations are conducted … and is about assuring operations are conducted … and is about assuring the mission, not about assuring the network” the mission, not about assuring the network”

––Maj Gen Dick Webber, AFNS, 20 Nov 09Maj Gen Dick Webber, AFNS, 20 Nov 09

3

Unclassified

Unclassified

Joint C2 Relationships

USCYBERCOMUSCYBERCOM

STRATCOMSTRATCOM

624 OC

COCOMsCOCOMs

C-NAFs

AOC

AFSPCC-MAJCOM

COLE

AF CYBER FORCES

USCYBERCOM CSE

ACCE

ACCE: Air Component Coordination ElementCOLE: Cyber Operations Liaison ElementCSE: Cyber Support ElementDAL: Defended asset list

AF CYBER LNO?

As Required

AFCYBER(24 AF*)

ACCE – Support to: - Joint planning - Targeting - Weaponeering - Interagency coord - Synchronization - COCOM/OPLAN CCIR - Joint effects - Deconfliction - Other cyber components

COLE– Provides support to: - Theater planning - Joint effects coordination - Mission assurance - Synchronization

DAL CC Intentions CC Priority Hunter Team

As Required

JFCOMJFCOM

ACC

Combat Communications Forces

AE

F T

ask

ing

Lead MAJCOM MOU

Desired

4

Unclassified

Unclassified

Operational Integration

AF Cyber Force Capabilities

14 AFAFSTRAT

624 OC*

24 AF / AFNETOPSAFCYBER

AFISRA

614 AOC

67th NWW 688th IOW 689th CCW 659th ISRG

Cyber C2 Operational planning Mission integration

Cyber fusion

•Law Enforcement/AFOSI Presence

ESSA: Electronic System Security AssessmentCORA: Cyber Operational Risk Assessment

Hammer Ace: Rapid deployable commNTI: National Tactical Integration

Full Spectrum NetOps

Net Control ESSA CORA

AFCERT*

Hunter teams TTPs

Cyber OT&E Rapid tool

development Blue Team

assessment Engineering and installation

Combat Comms Hammer Ace Global Net

extension

SIGINT support Threat analysis

NTI Threat warning

Target development

Combat Comm Engineering and

Installation Blue Team assessment

Full Spectrum Cyber Ops

MCCC 3x(CACS)

608 AOC

8 AF AFSTRAT

ARC Forces

Direct Support

5

Acquisition & Development Process

• Increasingly dynamic environment

• Streamline acquisition processes

• Rapid capability delivery

•Meet warfighter needs

• Leverage DISA/NSA tools and capabilities

Foundational

Ops&

Innovation

Current Rapid

(UON/JUON)

AFM

C

E

SC

A

FSP

C

Unclassified

Unclassified

6

Unclassified

Unclassified

Mission Assurance vs. Network Assurance

Mission Assurance Network Assurance• Operator business (A3) • Service provider business (A6)

• Assure mission accomplishment • Assure the network works

• Focuses on operational need • Focuses on service availability

• Prioritizes defense • May deny mission to ensure

the network is protected

• Establishes operational “crown

jewels”

• Attempts to defend everything

• Integrates intelligence

preparation into threat response

• Can dismiss the greater threat

due to lack of tangible effects

• Response to attack:

fight through

• Response to attack:

disconnect

Our Mission Is To Make Sure The Warfighter Can Perform The Joint Our Mission Is To Make Sure The Warfighter Can Perform The Joint Mission Mission

7

Unclassified

Unclassified

Priorities

• Real time situational awareness• Filter mountains of data for relevance• Be proactive with vigilant monitoring• Standardize network architecture• Fight through an attack• Reroute critical traffic• Kill malicious traffic• Respond with active forces

Build The Foundation For The OODA Loop Build The Foundation For The OODA Loop

8

Unclassified

Unclassified

Challenges

• Cyber: High demand, low density• Command and control at the speed of war• Real-time situational awareness• Size and complexity of the network• Heterogeneous networks• Time to build Cyber capabilities• Advanced adversaries

9

Unclassified

Unclassified

Services Working Together

• CJCSM 6510.10 directs services to: “share and corroborate [incident info] for validation and situational awareness.” • Accomplished through incident reporting process• Response actions directed by USCYBERCOM via TCNOs,

IAVAs or OPORDS as needed

• Joint Exercise BULWARK DEFENDER• Annual CND exercise, all services participate• Robust scenarios developed by services and USSTRATCOM• Services attend valuable lessons learned conf. POST-EX

• Service Liaison Officers• 688 IOW has LNOs from all services and NSA • Ensures valuable exchange of tactics and lessons learned

10

• Working on partnerships with large enterprise-focused commercial companies

• Academic Partnerships:• Saint Mary’s University Cyber Security Conference• Defense Technological Cluster (DTC) • Air Force Institute of Technology• UTSA• Vanderbilt• George Mason

Teaming with Industry/Academia

“We must establish close & continuing relationships with our joint partners, industry and academia”

- Secretary of the Air Force, “Air Force Cyberspace Mission Alignment”, 20 Aug 2009

11

Unclassified

Unclassified

24 AF Way Ahead

• Build cyber situational awareness

• Create mission assurance paradigm

• Normalize NetOps and defense

• Complete Ops Center transformation

• Operationalize cyber C2

• Space and Cyber integration

• Mature joint relationships

• Partner with industry

• Increase capacity

• Total Force Integration

• Grow component-NAF staff

Crawl Crawl Walk Walk Run Run