The Air Force has realized that simply trying to wall off its networks from cyber threats, which become more sophisticated every day, will work about as well as the Maginot Line. So it is working on a two-pronged approach to protect its most valuable information and to ensure that it can transmit that information even while under attack. This effort reflects a shift from the Air Force's focus on defending networks to protecting what really matters: the data itself.
"Our adversary has found ways to get over, under, around, and through our defenses," said Air Force Maj. Gen. Earl Matthews, chief of cyber operations in the Air Force's Chief Information Officer's shop during a Sept. 18 speech at the Air Force Association's annual conference just outside of Washington. "We still need to protect the network, but we must also protect the reason for the network, the data and information that resides and flows through the network.... [That] must be our focus."
One of the biggest parts of the service's effort to protect its ability -- and DoD's ability as a whole -- to move critical data is something called the Joint Aerial Layer Network, a plan to provide multiple means of communication for the military should it find its radio, cellular, computer, or even satellite communications networks jammed by the enemy.
"We need resiliency in our hardware and our applications...the ability to endure outside stresses from an event, multiple events and to be able to continue to function," said Matthews. "If our satellite communications capabilities were to be temporarily interrupted, how would we pass information to the aircrews and warfighters at the edge? We would need an alternate link, perhaps a radio."
The Joint Aerial Layer Network is meant to "link air, space, and cyber forces together, providing resilient capabilities in each of those domains," added Matthews. The network will consist of aircraft, manned and unmanned (drones can stay aloft much longer than manned aircraft), that provide a backup communications system allowing U.S. forces to pass data in real time should their radio, satellite, or Internet communications be taken out. These aircraft will contain a variety of transmission and relay devices known as "smart nodes," allowing U.S. forces to pass data to one another. An existing example of the type of system is the Battlefield Airborne Communications Node (BACN, yes it's pronounced, "bacon"). BACN is being used now in Afghanistan -- it is sometimes hoisted aloft by ancient WB-57 Canberras, one of the world's first jet bombers, designed just after World War II -- where it translates and passes data that troops, aircraft and command centers send from a variety of communications devices that weren't originally designed to communicate with one another.
All of this is part of the Pentagon's plan to fight an adversary that will try to blind the United States in a conflict -- removing the massive advantage provided by all the UAVs, satellites, guided munitions, and stealthy jets loaded with sensors that have given the U.S. an edge for decades.
"All command and control runs through cyber now," said Matthews. "We can't launch [the Air Force's newest fighter] aircraft, the F-22 or the F-35, without the network being established and operating and secure. . . . Not a single [UAV] mission would be possible without a functioning and secure cyber domain."
The obvious question is, just how many aircraft will be needed to do implement the aerial network and what happens when the enemy attacks it, either with missiles or cyber weapons?
When it comes to actually protecting data, the service is moving to encrypt as much sensitive data as it can. The Air Force recently ordered that all personal information -- data that can be used to glean an airman's identity -- be encrypted before it is transferred across the service's networks. That's right, the air service is just as concerned about protecting its members' personal information from hackers as online-privacy advocates are about protecting citizens' information from the government.
This is just the start.
"As we identify other information, critical to our Air Force operations, [Lt. Gen. Mike Basla, the Air Force's CIO] intends to establish similar criteria and policies focused on the protection of mission-essential information and data on our networks, especially information like deployment readiness or logistics data," said Matthews.
Deployment readiness and logistics data may sound boring, but it is hugely important, as Maj. Gen. Christopher Bodgan, deputy program manager for the F-35 Joint Strike Fighter pointed out this week when he revealed that the jet's computerized maintenance system called ALIS (Autonomic Logistics Information System) had to be tweaked to prevent spies from hacking it. Gaining access to ALIS would let hackers see how many of the jets were able to fly versus how many were down for maintenance and other details that could be extremely useful when planning to fight U.S. air forces.
"You don't mission-plan without it, you don't maintenance debrief without it, you don't pull your training records without it, you don't make sure the airplane is ready to go without it -- so it's so crucial to maintaining this airplane. It's frightening, almost," said Bodgan during the same conference. "One of the big problems was security. You can imagine that a system that has all that information about an F-35 Joint Strike Fighter in it: what parts need to be fixed, what pilots are qualified, what maintainers are qualified, what mission planning is going on. You've got to protect that information.... We did some testing and found some vulnerabilities."
U.S. Air Force