Mayburycybervision2025

Transcript

  • 1. Headquarters U.S. Air Force. Air Force Cyber Vision 2025. Dr. Mark T. Maybury, Chief Scientist. 9 January 2013. Distribution A. Approved for public release; distribution is unlimited. Public Release Case No 2012-0438. Integrity - Service - Excellence
  • 2. National Cyber Security
    • “We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control… But … we've failed to invest in the security of our digital infrastructure.” President Barack Obama, 29 May 2009
    • “The most menacing foreign intelligence threats in the next two to three years will involve cyber-enabled espionage … insider threats … and espionage by China, Russia, and Iran.” Lt. Gen James Clapper, Jr. USAF (Ret), DNI, 31 Jan 2012
    • “Our military depends on resilient, reliable, and effective cyberspace assets to respond to crises, conduct operations, project power abroad and keep forces safe.” Michael Donley, Secretary of the Air Force, 26 Mar 2012
    • “Everything we do can be affected either by or through [cyberspace] in either a good or bad way.” Gen Mark Welsh, Chief of Staff, 18 September, 2012
    • “Cyberspace superiority describes our mission to gain advantage in, from, and through cyberspace at the times and places of our choosing, even when faced with opposition.” Gen William Shelton, AFSPC/CC, 7 Feb 2012
  • 3. Cyber Vision 2025 Terms of Reference
    Background:
    • Need to forecast future threats, mitigate vulnerabilities, enhance the industrial base, and develop the operational capabilities and cyber workforce necessary to assure cyber advantage across all Air Force mission areas
    • An integrated, Air Force-wide, near-, medium- and far-term S&T vision to meet or exceed AF cyber goals and, where possible, create revolutionary cyber capabilities to support core Air Force missions
    Key Stakeholders: Air Staff, MAJCOMS, AFRL, 24th AF, ESC, ASC, SMC
    Approach:
    • Identify state of the art and best practices in government and private sector
    • Analyze current and forecasted capabilities, threats, vulnerabilities, and consequences across core AF missions to identify critical S&T gaps
    • Articulate AF near (FY11-16), mid (FY16-20) and long (FY21-25) term S&T to fill gaps, indicating where AF should lead, follow, or watch
    • Address cyber S&T across all Air Force core missions and functions (air, space, C4ISR) comprehensively including policy as well as DOTMLPF considerations
    • Engage and partner (industry, academia, national labs, FFRDC, government)
    Product: Cyber S&T Vision to top 4 by 7/15/12 (Report 1/1/13)
    DOTMLPF = Doctrine, Organization, Training, Materiel, Leadership and education, Personnel, and Facilities
  • 4. AF Cyber Accomplishments
    • Organizing and Equipping
    • Stood up AFSPC/24th AF
    • Cyberspace Superiority CFMP (AFSPC)
    • AF Policy Directive (10-17) on Cyberspace Operations ’11 CFMP
    • Established AF-Cyber Integration Group (CIG) – HAF, CFLI
    • Cyberspace Operations and Support Community
    • Strategy for Cyberspace CORONA TOP 2011
    • DRAFT Cyberspace Roadmap (A3/CIO A6 and AFSPC/CFLI)
    • Education and Training
    • Cyber Operator Career Field (17D)
    • UCT (Keesler AFB), Cyber 200, 300 (AFIT), Cyber WIC (Nellis)
    • AFIT Cyberspace Technical Center of Excellence (CyTCoE)
    • Exercises: CyberFlag, Red Flag (live fire, air & space support of cyber, force on force defense of the CAOC-N)
    • Employing AFCYBER warfighting forces in support of USSTRATCOM/USCYBERCOM
    UCT = Undergraduate Cyber Training; CFMP = Core Function Master Plan; WIC = Cyber Weapons Instructor Course
  • 5. Cyber Vision 2025 Study Methodology
    [Diagram. Labels: Strategy; Requirements and Plans; Mission Focus; COCOM and MAJCOM Requirements; CFMPs; Threat; RFIs, Expert Summits; Air; Space; Cyber; C2 and ISR; Mission Support (Education & Training, Acquisition, T&E); Cross Cutting Enabling S&T; Independent Senior Expert Review. Output: Cyber Vision 2025, United States Air Force Cyber S&T Vision 2012-2025, AF/ST TR 12-01, 31 December 2012.]
  • 6. Current Environment
    Cyberspace = interdependent network of information technology (IT) infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors, controllers, individuals, organizations and missions.
    Cyber Missions = Cyber exploitation, defense, & operations; information assurance, command & control
    Cyber Threats = Nation states, non-state actors and domestic threats; launching/operating agents, bots, Trojans, worms, social engineering, insider attacks to deny, degrade, disrupt, destroy, or deceive
    • Networks
    • Sensors
    • Data Links
    • Embedded Systems
    • Command & Control
    • Supply Chain
    • Databases
    • Operators
    [Diagram. Labels: Assured Air, Space, C4ISR and Cyber Operations; Global Vigilance, Reach and Power; AIR; SPACE; CYBER; Situation Awareness, Common Operational Picture (COP); Integrated Air, Space, ISR and Cyber Operations.]
    Cyber is Inextricably Entwined with the Air and Space Missions
  • 7. Missions are Contested at Multiple Levels
    [Diagram labels: Command and Control; Formation; Sensor Processing]
    ATTACKS | TARGETS | EFFECTS
    Insider attack, unwitting behavior | Human Organization | Disinformation, distraction, confusion
    Data and policy corruption | Mission Layer | Disruption of C2, behavior manipulation
    Code manipulation, malware | Application Layer | Induced inaccuracies and failures
    Worms, viruses, flooding | OS/Network Layer | Denial of service, exfiltration
    Life-cycle implants of backdoors | HW/Systems Layer | Triggered malfunction, performance loss
    Physical destruction, eavesdropping | Materials, Devices & Comm. Links | Loss of communication
  • 8. Future Trends 1999-2025
    [Chart, time axis 1999, 2012, 2025. Series: Telecommunications bandwidth (log scale); CMOS Integrated Circuit Feature Size; Malware Signatures (Threats); US IC Off-shoring; World-wide Internet Users (# and % population); Internet Hosts; High Performance Computing Speed; World-wide Software Revenue; Mobile App Downloads; Chinese Computing PhD Degrees; US Computing PhD Degrees. Group labels: Bandwidth, Threat, Apps, Users, Off-shoring. Labelled data points: 10 Exaflops; IC Size 8-10 nm; Chinese PhDs 35 K.]
    2025 callouts:
    • Econ: China #2, India #3
    • Population +2B
    • 7T IP enabled devices
    • 50 zettabytes (10^21) of data
    • IT/nano/bio converge
    • Quantum
    CMOS – Complementary Metal-Oxide Semiconductor; IC – Integrated Circuit
    PhD Degrees in Computer Science/Computer Engineering/Computational Mathematics
  • 9. # RFI Responses (Total 102); External Experience
    [Bar chart, values 34, 22, 15, 9, 9, 8, 5. Logos include Lineage Technologies LLC, SAGE Solutions, BCSi.]
  • 10. Enduring Principles
    • Least Privilege – provide only necessary authorities (e.g., white listing, discretionary access control, containment)
    • Balance of Power – distribution of authority, peer review, two person rule
    • Non-Interference – technical (multilevel) and operational (coord/synchronize)
    • Minimization – limit attack surface, limit dependencies, reduce capability to essentials
    • Simplification – allow only necessary complexity, employ standards (interfaces/controls)
    • Survivability – fitness/readiness, awareness, anticipation, speed (responsiveness), agility (e.g., flexibility/maneuver), and evolvability
    • Resilience – robustness (e.g., redundancy), diversity, active defense, rapid reconstitution
    • Optimization – offense/defense, human & machine intelligence, cost/benefit
    • Leverage – maximize adversary cost/risk/uncertainty; maximize friendly benefit/assurance/efficiency
  • 11. Environment & Findings
    Realities
    • Our operations (air, space, C2, ISR) depend on cyber
    • Cyberspace is contested and/or denied
    • Resources (financial, human, time) will be constrained
    • Cyber operations can have digital, kinetic, & human effects
    • Networks cannot be completely defended – our adversaries have and will get in
    Findings
    • Mission at risk: Interdependency growth driving cost and risk; Insider threat, supply chain threat, Advanced Persistent Threat (APT)
    • Cyber S&T enables assurance, resilience, affordability, empowerment
    • Need to integrate across authorities and domains
    • Need to shape doctrine, policy, people, processes (RDT&E)
    • Partnership and leverage essential
    [Charts. Air: % Capability in Software (scale 0-100) for F-16, F-15, F-22, F-35, F-111, A-7, B-2, F-4. Space: Millions ESLOC (scale 0-4) for DSP, SBIRS, AEHF, GPS III. Source: SEI, LM; Source: SEI.]
  • 12. AF Cyber S&T Vision
    “Assured cyber advantage across air, space, cyber, C2ISR, and mission support”
    • Assured – Ensured operations in congested, competitive, contested, and denied environments in spite of increased dependencies, vulnerabilities, and threats
    • Cyberspace – its defense, exploitation, operation
    • Advantage – we seek an agility, resilience, and effectiveness edge over our adversaries
    • Across – we require advantage within and across
    • Air, space, cyber, C2ISR, mission support – we require full spectrum cyber solutions
  • 13. Recommendations
    Assure and Empower the Mission (MAJCOMs)
    • Assure national security missions to security standards exceeding biz systems
    • More effective use of Title 10/50/32
    • Multi-domain synch/integrated effects
    • Increase cost of adversary OCO
    Focused, Enabling S&T (AFRL)
    • Assure and empower missions
    • Enhanced agility & resilience
    • Optimize human/machine systs
    • Establish foundations of trust
    Improve Cyber Education, Accessions, ACE (AETC, A1, A6, AFSPC)
    Advance Processes (AFSPC, AQ, TE, MAJCOMS)
    • Require/design in security; secure full life cycle
    • Rapid, open, iterative acq; engage user/test early
    • Integrate cyber across CFMPs
    • Advance partnerships, align funding
    Enhance Systems and Capabilities (AFSPC, AQ, AFMC)
    • Reduce complexity, verify systems
    • Hardened, trusted, self-healing networks and info
    • Agile, resilient, disaggregated mission architectures
    • Real-time cyber situational awareness/prediction, managed information objects, cyber FME
    OCO = Offensive Cyberspace Operations; ACE = Air Force Cyber Elite; FME = Foreign Material Exploitation
  • 14. OSD Cyber S&T Desired End State
    Source: Cyber S&T Priority Steering Council Research Roadmap, Dr. Steven King, Nov 8, 2011.
  • 15. CV25 S&T Themes (1/2)
    Mission assurance and empowerment
    • Survivability and freedom of action in contested and denied environments
    • Enhanced cyber situational awareness for air, space, and cyber commanders enabled by automated network and mission mapping
    • Ability to detect and operate through cyber attacks enabled by threat warning, integrated intelligence (e.g., SIGINT, HUMINT, IMINT), and real-time forensics/attribution
    • Early vulnerability detection and enemy behavior forecasting enabled by advanced cyber ranges, including high fidelity, real-time modeling and simulation
    • Cross domain integrated effects and cross domain measures of effectiveness (MOEs), including cyber battle damage assessment
    Agility and Resilience
    • Active defense requires rapid maneuver enabled by dynamic, reconfigurable architectures (e.g., IP hopping, multilevel polymorphism)
    • Effective mix of redundancy, diversity, and fractionation for survivability
    • Reduction of attack surface, critical mission segregation, and attack containment
    • Autonomous compromise detection and repair (self healing) and real-time response to threats
    • Transition from signature based cyber sensors to behavior understanding to enhance high performance attack detection
  • 16. CV25 S&T Themes (2/2)
    Optimized human-machine systems
    • Measurement of physiological, perceptual, and cognitive states to enable personnel selection, customized training, and (user, mission, and environment) tailored augmented cognition.
    • High performance visualization and analytic tools to enhance situational awareness, accelerate threat discovery, and empower task performance.
    • Autonomy appropriately distributed between operators and machines, enabled by increased transparency of autonomy and increased human “on the loop” or supervisory control.
    Software and hardware foundations of trust
    • Operator trust in systems (e.g., sensors, communications, navigation, C2) enabled by trusted foundries, anti-tamper technologies, and supply chain assurance, as well as effective mixes of government, commercial off the shelf, and open source software
    • Formal verification and validation of complex, large scale interdependent systems
    • Advanced vulnerability analysis, automated reverse engineering, real-time forensics tools
    • High speed encryption, quantum communication, and quantum encryption for confidentiality and integrity
  • 17. Cyber S&T Desired Outcomes Across Air, Space, Cyber, C2 and ISR (DRAFT)
    Technology Leader (L), Follower (F), Watcher (W)
    Assure and Empower the Mission
    • Near (F12-FY15): Semi-Automated Mission Mapping and Anomaly Resolution for Cyber SA (L); Secure Communication; Access and D5 Cyber Effects (L/F)
    • Mid (FY16-20): Real-time AFNET SA & C2 (L); Cyber Mission Verification and Assurance Across Sensors/Platforms; Survivable C3; Access and D5 Cyber Effects (L/F)
    • Far (FY21-25): Autonomous Cyber Mission Assurance/Management (L); Predictable Cyber Effects on Mission Systems
    Enhance Agility and Resilience
    • Near (F12-FY15): Fractionated, Morphable Architectures (L); Cyber Maneuver (L)
    • Mid (FY16-20): Resilient Virtualization (F); Online Vulnerability Identification and Adaptation (F)
    • Far (FY21-25): Autonomous, Secure, Agile Composable CyberPhys Systs (L); Cognitive Communication/Networks (agile, reconfigure, self heal) (L)
    Optimize Human-Machine Systems
    • Near (F12-FY15): Operator Measurement (stress, cognition, perf., trust) (L); Adversarial/Social Modeling and Reasoning (L) Agent-based Reasoning
    • Mid (FY16-20): Automated Individual Performance Assessment (L); Initial Augmented Cognition (L); Cyber Battle Damage Assess (L); Automated Cyber Refresh (F)
    • Far (FY21-25): Intent/Behavior Detection and Forecasting; Human-Machine Performance Optimization (L)
    Foundations of Trust
    • Near (F12-FY15): Measurement, Vulnerability Model/Analysis, & Verification (L); Real-Time Cyber Reverse Engineering (L/F); Software Anti-Tamper (L); Secure Virtualization
    • Mid (FY16-20): Information Integrity V&V; Quantum Communications (L); Protected Root of Trust for Cyber C2 (L); Embedded Anti-Tamper (F); Semi Autonomous Supply Chain Assurance (F)
    • Far (FY21-25): Quantum Methods for V&V, Trust, and Vulnerability Assessment; Quantum Encryption (F); Provable Mission Assurance in Contested Domains (L); Model-based Correct-by-Construction Software (W)
    D5 = Degrade, Deceive, Destroy, Deny, Disrupt; SCOTI = Selective Cyber Operations Technology Integration
  • 18. Cyber S&T Desired Outcomes and Example Programs Across Air, Space, Cyber, C2 and ISR
    Technology Leader (L), Follower (F), Watcher (W)
    Assure and Empower the Mission
    • Near (F12-FY15): Semi-Automated Mission Mapping and Anomaly Resolution for Cyber SA (L); Managed Info Objects (MIO); 10 Gbit Mission Aware Routing; Secure Communication (L); BLOS C2, Jetpacks JCTD; Access and D5¹ Cyber Effects (L/F); SCOTI¹ Platform, JWIN³
    • Mid (FY16-20): Real-time AFNET SA & C2 (L); 100 Gbit dynamic mission SA; Cyber Mission Verification and Assurance Across Sensors/Platforms; Survivable C3 (L); Assured Access Comm; Advanced Access, D5 Effects (L/F); Cross Air/Space/Cyber Sensor Integration and Plan Generation
    • Far (FY21-25): Autonomous Cyber Mission Assurance/Management (L); Self-Protecting Information; Predictable Cyber Effects on Mission Systems (L)
    Enhance Agility and Resilience
    • Near (F12-FY15): Fractionated, Morphable, Reconstituting Architectures (L); IP Hopping, Morphable Architectures; Cyber Maneuver (L); Agile Tactical Communication; Intelligent Mix of GOTS/COTS (F)
    • Mid (FY16-20): Online Vulnerability Identification and Adaptation (F); Resilient Virtualization (F); Architecture Diversity; Heterogeneous Operationally Responsive Networks, Cyber Agility
    • Far (FY21-25): Autonomous, Secure, Agile Composable CyberPhys Systs (L); Cognitive Comm/Networks (agile, reconfigure, self heal) (L)
    Optimize Human-Machine Systems
    • Near (F12-FY15): Operator Selection (e.g., traits, methods) (L/F); Operator Selection (e.g., AFOQT); Operator Measurement (e.g., stress, cognition, perf., trust) (L); Adversarial/Social Modeling (L)
    • Mid (FY16-20): Automated Individual Performance Assessment and Training (L); Initial Augmented Cognition (L); Operator SA, assessment, augment; Auto Cyber Battle Damage Assess (L)
    • Far (FY21-25): Intent/Behavior Detection and Forecasting (L); Computational Social Science; Human-Machine Perf Optimize (L); Neuroscience based brain computer interfaces (L/F)
    Foundations of Trust
    • Near (F12-FY15): Measurement, Vulnerability Model/Analysis, & Verification (L); Avionics Vulnerability Discovery; Real-Time Cyber Reverse Engineering (L/F); Software Anti-Tamper (L); Avionics Vulnerability Protections; Secure Virtualization (F); CMATH
    • Mid (FY16-20): Information Integrity V&V; Quantum Communication (L); Root of Trust for Cyber C2 (L); Embedded Anti-Tamper (F); Semi Autonomous Supply Chain Assurance (F)
    • Far (FY21-25): Quantum Methods for V&V, Trust, and Vulnerability Assessment (F); Quantum Security Methods; Provable Mission Assurance in Contested Domains (L)
  • 19. Cyber S&T Gaps Across Air, Space, Cyber, C2 and ISR
    Technology Leader (L), Follower (F), Watcher (W)
    Legend: Major Gap; Partial Gap; No Gap
    Assure and Empower the Mission
    • Near (F12-FY15): Semi-Automated Mission Mapping and Anomaly Resolution for Cyber SA (L); Secure Communication (L); Access and D5¹ Cyber Effects (L/F)
    • Mid (FY16-20): Real-time AFNET SA & C2 (L); Cyber Mission Verification and Assurance Across Sensors/Platforms; Survivable C3 (L); Advanced Access, D5 Effects (L/F)
    • Far (FY21-25): Autonomous Cyber Mission Assurance/Management (L); Predictable Cyber Effects on Mission Systems (L)
    Enhance Agility and Resilience
    • Near (F12-FY15): Fractionated, Morphable, Reconstituting Architectures (L); Cyber Maneuver (L); Intelligent Mix of GOTS/COTS (F)
    • Mid (FY16-20): Online Vulnerability Identification and Adaptation (F); Resilient Virtualization (F)
    • Far (FY21-25): Autonomous, Secure, Agile Composable CyberPhys Systs (L); Cognitive Comm/Networks (agile, reconfigure, self heal) (L)
    Optimize Human-Machine Systems
    • Near (F12-FY15): Operator Selection (e.g., traits, methods) (L/F); Operator Measurement (stress, cognition, perf., trust) (L); Adversarial/Social Modeling (L)
    • Mid (FY16-20): Automated Individual Performance Assessment and Training (L); Initial Augmented Cognition (L); Auto Cyber Battle Damage Assess (L)
    • Far (FY21-25): Intent/Behavior Detection and Forecasting (L); Human-Machine Perf Optimize (L); Neuroscience based brain computer interfaces (L/F)
    Foundations of Trust
    • Near (F12-FY15): Measurement, Vulnerability Model/Analysis, & Verification (L); Real-Time Cyber Reverse Engineering (L/F); Software Anti-Tamper (L); Secure Virtualization (F)
    • Mid (FY16-20): Information Integrity V&V; Quantum Communication (L); Root of Trust for Cyber C2 (L); Embedded Anti-Tamper (F); Semi Autonomous Supply Chain Assurance (F)
    • Far (FY21-25): Quantum Methods for V&V, Trust, and Vulnerability Assessment (F); Provable Mission Assurance in Contested Domains (L)
    ¹ D5 = Degrade, Deceive, Destroy, Deny, Disrupt; ² SCOTI = Selective Cyber Operations Technology Integration; ³ JWIN = Joint Warfighting Integrated Network Operations
  • 20. Partnership and Focus
    [Diagram. Labels: Air, Space, Cyber (center); COCOMs; Intelligence Community; Army, Navy, Marines (Land and Maritime cyber); National Labs; FFRDCs; Federal Research (DARPA, NSF, FAA, OSTP, NASA, NIST); Academia; Critical Infrastructure (DHS, EPRI, Utilities); Industry & Consortia (e.g., DIB Pilot); International.]
    Air Force will leverage cyber capabilities and investments of our partners and focus S&T investment on Air Force mission
  • 21. Cyber Vision 2025 Key Messages
    • Cyber Vision 2025 is the AF S&T vision for the assured cyberspace advantage enabled by key science and technology advances where the AF will lead, follow, or watch in the near, mid and long term
    • Key challenges include growing cyberspace threats, increased dependency and vulnerabilities, and resource constraints
    • Airmen are our most powerful cyberspace capability and their development is a priority
    • A principled approach and S&T advances provide opportunities to:
        • Reduce operating costs; enhance cyber acquisition
        • Empower cyberspace operators; partner for the joint fight
        • Advance agility/resilience, human/machine systems, and foundations of trust
        • Assure and empower all AF missions including C2 and ISR
        • Provide synchronized effects across air, space, and cyber
    • Call on Airmen to develop novel concepts of operations to take maximum advantage of forthcoming technologies
  • 22. Cyber Vision Team
    Senior Governance Team (3*)
    • Dr. Mark Maybury (chair), Lt Gen Mike Basla (AFSPC/CV –> SAF/CIO A6), Gen Janet Wolfenbarger (AFMC/CC), Lt Gen William Lord (SAF/CIO A6), Lt Gen Larry James (AF/A2), Lt Gen Chris Miller (AF/A8)
    Key Senior Stakeholders
    • Lt Gen Charles Davis (ESC/CC, AFPEO C3I and Networks SAF/AQ), Lt Gen Ellen Pawlikowski (SMC), Lt Gen Judy Fedder (A4/7), Lt Gen Thomas Owen (ASC), Lt Gen “Hawk” Carlisle (A3/5), Maj Gen Neil McCasland (AFRL), Maj Gen Suzanne Vautrinot (24th AF), Maj Gen Mike Holmes (A3/5), Dr. Steve Walker (AQR), Dr. Jackie Henningsen (A9), Lt Gen(Sel) John Hyten (AQS –> AFSPC/CV), Maj Gen Robert Otto (AFISRA/CC), Maj Gen Earl Matthews (A3C/A6C), Maj Gen Ken Merchant (AAC), Maj Gen(Sel) Samuel Greaves (AFSPC/A8/9)
    Cyber S&T Mission Area Study Leads
    • Air: Dr. Kamal Jabbour (AFRL/RI), Dr. Don Erbschloe (AMC), Mr. Bill Marion (ACC)
    • Space: Dr. Doug Beason (AFSPC), Col Brad Buxton (SMC) & Dr. Jim Riker (AFRL/RV)
    • Cyber: Dr. Rich Linderman (AFRL/RI), Dr. Doug Beason (AFSPC) & Mr. Arthur Wachdorf (24AF)
    • C2ISR: Dr. Steven K. Rogers (AFRL/RY/RI), Mr. Ron Mason (ESC), Mr. Stan Newberry (AFC2IC), Dr. Chris Yeaw (AFGSC), B Gen Scott Bethel (AFISRA/CV), B Gen (S) John Bansemer (AFISRA/CVA), DISL Keith Hoffman (NASIC), Dr. Rick Raines (CCR, AFCyTCoE)
    • Mission Support (Acquisition, Test & Eval, Edu & Trng, Workforce): Dr. Steve Walker (AQR), Mr. Ron Mason (ESC), Mr. Mike Kretzer (688th), Dr. Nathaniel Davis (AFIT), Maj Gen Earl Matthews (A3C/A6C)
    • Enabling Technology: Dr. Jennifer Ricklin (AFRL), Dr. Robert Bonneau (AFOSR)
    • Threat: Mr. Gary O’Connell (NASIC), Col Matthew Hurley (AF/A2DD)
  • 23. Senior Independent Expert Review Group (SIERG)
    Review areas: Air; Space; Cyber; C2ISR; Mission Support; S&T, Threat, and Overall
    Members: Prof Mark Lewis, U. Maryland; Dr. Mike Yarymovych, Sarasota Space; Prof Ed Feigenbaum, Stanford; Prof. Alex Levis, GMU; John Gilligan; Prof. Werner Dahm, ASU; Gil Vega, DOE; Lt Col Marion Grant, USCYBERCOM/J9; Evi Goldfield, NSF; Prof. Gene Spafford, Purdue; Charles Bouldin, NSF; Dr. Herb Lin, Nat Academy; Lauren M. Van Wazer, OSTP; Andrew Makridis, CIA; Glenn Gafney, CIA; Tomas Vagoun, NITRD; Natalie Crawford, RAND; Dr. Rami Razouk, Aerospace; Dr. Paul Nielsen, CMU/SEI; John Woodward, MITRE; Jim Gosler, Sandia; Konrad Vesey, IARPA; Dr. Mark Zissman, MIT LL; Sue Lee Short, JHU-APL; Giorgio Bertoli, Army; Stan Chincheck, NRL; Harriet Goldman, MITRE; Dr. Wen C. Masters, ONR; Lt Gen George Muellner (Ret) USAF; Don Kerr; Keith Hall, BAH; Gen Mike Hayden (Ret), USAF; Lt Gen Ken Minihan (Ret) USAF; VADM Mike McConnell, (Ret) USN; Dr. Ernest McDuffie, CMU; Gen (Ret) Jim McCarthy, USAFA; RADM Will Metts, NSA/TAO; Paul Laugesen, NSA/TAO; Dr. Yul Williams, NSA/CSS TOC; Mike Aimone, OSD (I&E); Dr. Peter Friedland; Lt Gen David Deptula, (Ret) USAF; Prof Pat Winston, MIT; Robert Osborne, NNSA; Matt Linton, NASA ARC-IS; David Mountain, NSA; Dr Starnes Walker, FltCyber, Navy; Tim Grance, NIST; Lt Gen Ted Bowlds, (Ret) USAF; Lt Gen Robert Elder, (Ret) USAF; Lt Gen (Ret) Trey Obering, USAF; Dr. Tim Persons, GAO; David Honey, DNI; Dr. Steven King, OSD(R&E) PSC
    Former USAF Chief Scientist; Former Director of NRO; Former Director NSA, DIA; Former DNI; Former AF CIO; AF SAB EXCOM
    Coalition Group: Cpt Andrew Gudgeon, UK; Dr. Brian Hanlon, DSTO, Australia; Joseph Templin, Canada
  • 24. Mission Support: Acquisition
    Finding: Acquisition of information systems perceived as not timely or responsive; system delivery out-of-sync with technology progress
    Recommendations:
    • Overhaul efforts to streamline acquisition policy and processes, and periodically reassess to determine effectiveness; implement best practices within acquisition of the wide range of information systems (OPR: SAF/AQ, OCR: AFMC, AFSPC)
    • Develop flexible funding authorities to better respond to warfighter needs (OPR: AF/A8, OCR: SAF/AQ, SAF/FM)
    Finding: Contractual requirements for “system security from a cyber perspective” lacking for both cyber & cyber-physical systems
    Recommendation: Create, standardize, and implement cyber system security as an integral part of the requirements and systems engineering processes (OPR: SAF/AQ, OCR: AFMC, AFSPC)
    Finding: “Cyber system security” for all systems is not currently given sufficient scrutiny throughout acquisition and sustainment lifecycle
    Recommendation: Expand, enhance, and institutionalize full-spectrum Cyber Assessment and Vulnerability Evaluations across the Air Force portfolio of cyber and cyber-physical systems throughout the life cycle (OPR: SAF/AQ, OCR: AFMC, AFSPC, AF/TE)
  • 25. Test & Evaluation
    Finding: Current cyber T&E efforts are generally performed too late in the acquisition process, and paper-based & checklist-focused Certification and Accreditation is insufficient to appropriately address system security from a cyber perspective
    Recommendations:
    • Cyber Test & Evaluation must begin at the requirements development and design phase, and be accomplished continuously throughout the acquisition life-cycle (OPR: AF/TE, OCR: SAF/AQ)
    • The Air Force must overhaul the current Certification & Accreditation and checklist-focused model to full-spectrum and unbounded vulnerability assessments of cyber and cyber-physical systems (OPR: AF/TE, OCR: SAF/AQ, AFMC, AFSPC)
    Finding: Cyber test and training ranges are developed and utilized without central requirements, funding or authority
    Recommendation: Develop a centralized inventory and capability database for cyber test infrastructure, and conduct gap analysis to identify cyber range requirements and capabilities (OPR: AF/TE, OCR: AFSPC, AFMC)
  • 26. Education & Training
    Finding: US high school and university system not producing the required quality & quantity of graduates to compete with growing adversary capabilities and future cyber workforce needs
    Recommendations:
    • Increase support of high school and university cyber recruitment efforts (intern programs, cyber competitions, etc.) (OPR: AF/A1, AFSPC; OCR: SAF/AQ, SAF/CIO A6)
    • Project future cyber workforce requirements for cyber-specific degrees (EE, CompE, CS, Math) and align with USAFA curriculum and degree production, targeted ROTC scholarships, and focused OTS recruitment (OPR: AF/A1, AETC; OCR: AFSPC; SAF/CIO A6)
  • 27. Education & Training
    Finding: Air Force cyber education and training programs need to evolve to meet growing cyber mission set and increasing adversary capabilities
    Recommendations:
    • Develop and require cyber ops training at the technical level for selected non “cyber professional” personnel (OPR: SAF/CIO A6; OCR: AETC, SAF/AQ, AFMC)
    • Provide funding and institute workforce roadmap that allows civilians to participate in the range of DOD-provided education and training opportunities alongside their military counterparts (OPR: SAF/CIO A6; OCR: AFSPC, AETC)
    • Advocate and influence U.S. universities (including USAFA), to expand depth-of-coverage in secure software coding, secure & trusted architectures, and other technical areas of interest related to cyber and cyber-physical systems, while also expanding AFIT programs in these areas (OPR: AFIT; OCR: USAFA, AFSPC)
  • 28. Workforce
    Finding: The demand for skilled cyber personnel will increase in response to growing adversary capabilities, and the cyber workforce roadmap, organization structures, and authorities need to evolve to address these challenges
    Recommendations:
    • Building upon red team and hunter team success, develop a cadre of Air Force Cyber Elite (ACE) professionals (OPR: SAF/CIO A6; OCR: AFSPC, AFMC)
    • Create an updated comprehensive workforce development roadmap to identify future skill sets and Total Force mix to preserve US cyber competitive advantage (OPR: SAF/CIO A6; OCR: AFSPC)
    Finding: Current classification guide for officer Cyber Operators does not focus on accessing the most qualified candidates into the career field
    Recommendations:
    • Mandate a minimum requirement of 50% cyber-specific foundational degrees (EE, CompE, CS, Math) for the 17D cyber operations career field (OPR: SAF/CIO A6; OCR: AF/A1, AFSPC)
    • Eliminate the “catch all” statements that allow individuals to become cyber operators without meeting minimum educational requirements, unless they have demonstrated strong aptitude for cyber missions (OPR: SAF/CIO A6; OCR: AFRL, AFSPC)