Two of the common, long-running criticisms aimed at the Defense
Department are that it has a lethargic acquisition process and, during
peacetime, falls short on innovation. The two appear to converge in the
emerging cyber domain, as threats move at what many describe as “cyber
speed.” In wartime, the military attracts and leverages “some of the
most innovative folks on the planet,” Steve Blank, an instructor for the
new Hacking 4 Defense course
at Stanford University, said this month. “It’s just that when they get
back to peacetime, they collapse back to one of the most bureaucratic
organizations on the planet.”
DOD recently has taken aim at this innovation deficiency in a project called the Third Offset Strategy,
the brainchild of Deputy Defense Secretary Robert Work and Vice
Chairman of the Joint Chiefs of Staff, Air Force Gen. Paul Selva. The
speed and pace of cyber threats are bombarding network defenses and
forced the military services to think outside the box in more rapid and
innovative fashions.
“We have a pretty established acquisition fielding process in the
Department of Defense, so it doesn’t move at the speed of cyber, let’s
put it that way. That’s always a challenge,” Maj. Gen. Burke “Ed”
Wilson. commander of the 24th Air Force, or AFCYBER, told Defense Systems. Wilson also confirmed that there will be a change of command at 24th
in mid or late June, saying Maj. Gen. Chris Weggeman – currently
serving at the U.S. Cyber Command in the J-5 role, or in strategy and
plans – will take over the command and just received his second star
last week.
On the eve of his departure, Wilson offered his assessment of some of
the challenges of standing up an entirely new force in a new domain,
and talked about what’s to come. The dynamics of cyberspace, he said,
posed a significant challenge to establishing new cyber force –
particularly since the 24th was simultaneously in the fight during the build, which should reach full operational capability by September 2018.
“We’ve come up with some pretty innovative strategies on how to put
new capabilities in people’s hands. We’re using the Air Force’s weapons
systems approach, which is how we normally purchase most things…that’s
worked real well, so we’re proud of that,” said Wilson, who also
commands Air Forces Cyber under the U.S. Cyber Command as well as Joint
Forces Headquarters-Cyber, which will also go to Gen. Weggeman in
June.
These strategies for getting capabilities out as fast as possible are
necessitated by the old military adage that says the enemy gets a vote.
Noting how fast the pace of cyber threats are today, Wilson said he has
yet to find a comparative historical example. “It’s a challenge because
they move so fast,” he said lumping all cyber threats – from nation
states, non-state groups, criminal organizations and so on – together.
For context, according to a presentation last week given by Air Force Lt. Col. Patrick Daniel, deputy director for Strategy and Plans at Joint Force Headquarters-DOD
Information Networks, in a single day 8.2 million emails traverse DOD
networks, resulting in 43,000 attempted intrusions and 30 suspicious
events requiring human analysis. When scaled up to a year, the numbers
jump to 3 billion, 16 million and 11,000, respectively.
One of the ways the Air Force is addressing this challenge is through the establishment of a cyber proving ground, first announced in December
by Col. Robert Cole, director of Air Forces Cyber Forward. “The Cyber
Proving Ground’s focus is to really partner, so we have some organic
capabilities to develop unique tools. But in most cases, industry’s
already addressed some of those problems,” Wilson said, noting that the
pace of the threat and “cyber speed” has forced the service to be more
nimble, agile and innovative. “What we’re seeing is in our defensive
action – and some of our potentially offensive actions, our command and
control, situational awareness, some other lines of effort – is the need
to be able to field very rapidly applications, capabilities…that
actually we can put in our operators’ hands very aggressively, very
quickly.”
“I would describe what happens in the commercial sector and
innovation as sort of like a grass fire. If somebody doesn’t stamp it
out it’s always burning. And it’s going to consume an awful lot of
territory but it happens slowly and then it jumps. I would describe
innovation in the Defense Department as a forest fire: ‘Holy sh*t, we’re
on fire, let’s put it out,’” Selva candidly admitted at
the McAleese & Associates and Credit Suisse 2017 Defense Programs
conference March 10. “So we go through these periods in the
department…one leader or two says ‘innovation is important, we have to
figure out a different way to do what we’re doing, we have to get better
at this,’ and we get a step change. And the next leader comes in and
says, ‘Stop. What you’re doing scares me. I don’t understand it. I don’t
like it. It doesn’t comport with my view of how military organizations
are led', and they put out the forest fire.”
The Cyber Proving Ground, which forces will move into in May, is
aimed to be a collaboration between “acquisition community and our
operations community to bring small projects in and work with industry,
work with the labs, work with academia, to be able to take a look,
assess very rapidly from an operations perspective and then make
decisions on whether we want to field or not,” Wilson said. It’s modeled
after the large tech firms with open spaces – no cubicles – to engender
collaboration. In taking concepts, teams will assess tools from an
operational perspective and “try it out quickly over on a range that we
can set up…and then learn from it. If it looks good, roll it into
operations, if not, we’ll send it back to the team that’s doing the
thinking and maybe modify the behavior and then come back in weeks to
months – might be months – and then try it again with the modified
behavior,” Wilson said. “Think big, start small, scale fast – that’s the
mantra we’ve given the team. So we want them to be very aggressive,” he
added.
The initial focus of the teams will be in command and control –
battlespace awareness, situational awareness – defensive cyber
operations and offensive cyber operations. However, the idea is not to
undertake daunting projects such as reconfiguring Air Force networks.
“If you noticed, I didn’t include network operations…We’ll get to that
but I don’t want the team trying to re-architect the Air Force network
in the first project. We want very quick hitting progress,” he said
noting that the aforementioned focus areas tend to be fairly small
applications.
In terms of moving toward full operational capacity, Wilson offered
both strategic and tactical challenges. Strategically, Wilson said,
learning how to scale operations as capacity is added will involve a
learning process. These same difficulties will be seen at a more
immediate and tactical level as well, with additional challenges
associated in maintaining training and deploying capabilities in the
immediate term.
Regarding recruiting and retention, Wilson noted that the Air Force
has had many problems. For open positions, the force has had several
qualified candidates to fill them. Wilson did express concern, however,
of needing to motivate individuals, citing the pay discrepancy between
the more lucrative private sector and government as a potential
competitive problem, although to date this has not been much of an
issue. Wilson attributed this to the mission set folks can work with the
Air Force’s cyber teams.
Wilson also offered an update to the Air Force’s Task Force Cyber Secure, which
was established by Air Force Chief of Staff Gen. Mark Welsh III in
March 2015 to focus on three main lines of effort: diagnosing of the
extent of the cyber threat and vulnerabilities that impact core
missions; making plans for risk management development to enable
aircraft to fly and win in cyber-contested domains; and making
recommendations for investment priorities on how to address
cybersecurity challenges.
Wilson said as a result of Task Force Cyber Secure, the acquisition
community has worked across its portfolio to field new capabilities and
conduct operations, even establishing a center of excellence for cyber.
The force has also established an initiative called Communications
Squadron Next to look at the skills and capabilities needed within
communication squadrons as a means of providing resiliency to
installations for all cyber missions. Communications Squadron Next, as
explained in a recent Air Force release, is
“a restructuring of base communications squadrons. The focus will be
for comm squadrons to shift more from an information technology to a
mission assurance focus. Traditionally, the communications squadron's
role was to provide support for any IT device or service used for
communication, like radios, giant voice, etc. Comm Squadron Next will
help mobility airmen understand the process for their wing operations to
be successful, and they will speak the same language.”
Wilson said that Supervisory Control And Data Acquisition systems
used in infrastructure as well as mission systems such as the F-22 and
F-35 aircrafts and GPS control stations must be resilient in the face of
increasing attacks. “We believe that the comm squadron will be … really
our core capability, but we need to transition that in some fashion to
be able to provide mission assurance in those other areas,” he said. “So
that’s been a real focus with the Task Force Cyber Secure.”