Years after establishing a cyber fighting arm, the U.S. Air Force is still trying to define just what cyber operations are so that it can determine what troops and resources it should dedicate to cyber security versus simple IT work -- and increase its offensive cyber capabilities.
Right now, the military -- and the rest of the government -- lumps everything from basic antivirus protection and network maintenance work to high-end operations along the lines of Stuxnet into the "cyber" category. The looseness of the definition has caused enormous confusion among military officials trying to figure out how to fund and organize themselves for cyber operations.
"The Air Force, a few years ago, made a decision that our legacy communications and information experts would all become cyberspace experts," said the Air Force's chief information officer, Lt. Gen. Michael Basla (shown above) during a briefing with reporters at the Pentagon last week. "That has a lot of good logic behind it because a good portion of that force has a lot of the technological expertise required in the cyberspace domain."
However, most of these people build and maintain networks; they are not involved in or trained for high-end cyber espionage and combat. So now the service is trying to separate IT administration from cybersecurity.
"I think we will draw a clearer line and distinction between what is required to build, operate and maintain [Air Force networks] and what is required to operate on the network," said Basla. "So it's building versus operating on it. I think operating on it will be where we coalesce on our definition of cyberspace operations."
Such a definition is badly needed since everyone from the Air Force's chief of staff, Gen. Mark Welsh, to the Government Accountability Office has been confused by the nebulous definition of cyber.
Basla said the service divides its cyber forces and tech buys into three categories:
- First, perhaps 94 percent of Air Force cyber resources go toward the day-to-day operations and network defense: "We've got to have an ability to defend our networks so we can perform those missions with a freedom of action, whatever that case may be, if that's controlling our remote piloted aircraft from Creech [Air Force Base] in Nevada all the way to somewhere halfway around the world; that has cyber elements. That is the bulk of our activity; that is where most of the money is, that's where the people are."
- Next are the Air Force's aggressive, "active" cyber defenses, which engage about 5 percent of the service's resources. "Defensive cyberspace operations is a pro-active defense strategy. What that means is we are attuned to [suspicious] activity in the network, we're discovering, we're detecting, we're analyzing and then we're taking action when we discover something that is a potential threat so we can avert that threat or we can shut that threat down."
- Last, there's the highly classified world of offensive cyber operations. "This is, just like the term implies, when you take offensive action [similar to] other activities to the air, land, space, sea domains; that's a really small portion of the force, it's like, less than 1 percent," said the three-star general.
While basic network defense and maintenance takes up most of the service's cyber resources, Basla wants to automate as much of that activity as possible, for example through "smart networks" that can identify security weakness, so that the Air Force can focus most of its cyber resources on the ever-increasing demands for the active defense and offensive sides of cyber.
"Defending the net up front, operating and maintaining it day to day is our biggest responsibility and takes the most resources," said Basla. "We want to automate some of these functions because we'll see [increased] demand signals on the other side and we're going to have to have trained personnel to" address.
Better defining cyber operations will help the military decide how to allocate precious resources to cyber. In September, Gen. Welsh said that he is wary of committing resources to cyber until he has a better feel of just what is expected of his service in that domain.
"I don't know of a really stated requirement from the joint world, through U.S. Cyber Command in particular, as to what exact kind of expertise they need us to train to and to what numbers to support them and the combatant commanders," said Welsh in response to Killer Apps' questions during a press conference after his speech at the Air Force Association's annual conference in Maryland.
Welsh went on to say that up to 90 percent of Air Force cyber personnel are simply responsible for operating and defending Air Force IT systems. "They're not what NSA would call a cyber warrior for example," said the four-star, meaning that a very small percentage of Air Force cyber operators specialize in offensive operations. "That's confusing to the rest of the Air Force because the rest of the Air Force doesn't understand. They don't really know what we're doing [in cyber]."