Headquarters U.S. Air ForceAir Force Cyber Vision 2025 Dr. Mark T. Maybury Chief Scientist 9 January 2013 Distribution A. Approved for public release; distribution is unlimited. Public Release Case No 2012-0438I n t e g rDistribution A.-Approved forr v release;e - Eis x c e l l e n c e i t y S e public i c distribution unlimited. 1
National Cyber Security“We count on computer networks to deliver our oil and gas, our power and ourwater. We rely on them for public transportation and air traffic control…But … weve failed to invest in the security of our digital infrastructure.” President Barack Obama, 29 May 2009“The most menacing foreign intelligence threats in the next two to three yearswill involve cyber-enabled espionage … insider threats … and espionage byChina, Russia, and Iran.” Lt. Gen James Clapper, Jr. USAF (Ret), DNI, 31 Jan 2012“Our military depends on resilient, reliable, and effective cyberspace assets torespond to crises, conduct operations, project power abroad and keep forcessafe.” Michael Donley, Secretary of the Air Force, 26 Mar 2012“Everything we do can be affected either by or through [cyberspace] in either a good or bad way.” Gen Mark Welsh , Chief of Staff, 18 September, 2012“Cyberspace superiority describes our mission to gain advantage in, from, andthrough cyberspace at the times and places of our choosing, even when facedwith opposition.” Gen William Shelton, AFSPC/CC, 7 Feb 2012 Distribution A. Approved for public release; distribution is unlimited. 2
Cyber Vision 2025 Terms of Reference ideachampions.com Background: Need to forecast future threats, mitigate vulnerabilities, enhance the industrial base, and develop the operational capabilities and cyber workforce necessary to assure cyber advantage across all Air Force mission areas An integrated, Air Force-wide, near-, medium- and far-term S&T vision to meet or exceed AF cyber goals and, where possible, create revolutionary cyber capabilities to support core Air Force missions Key Stakeholders: Air Staff, MAJCOMS, AFRL, 24th AF, ESC, ASC, SMC Approach Identify state of the art and best practices in government and private sector Analyze current and forecasted capabilities, threats, vulnerabilities, and consequences across core AF missions to identify critical S&T gaps Articulate AF near (FY11-16), mid (FY16-20) and long (FY21-25) term S&T to fill gaps, indicating where AF should lead, follow, or watch Address cyber S&T across all Air Force core missions and functions (air, space, C4ISR) comprehensively including policy as well as DOTMLPF considerations Engage and partner (industry, academia, national labs, FFRDC, government) Product: Cyber S&T Vision to top 4 by 7/15/12 (Report 1/1/13) DOTMLPF - Doctrine, Organization, Training, Materiel, Leadership and education, Personnel, and Facilities Distribution A. Approved for public release; distribution is unlimited. 3
AF Cyber Accomplishments Organizing and Equipping Stood up AFSPC/24th AF Cyberspace Superiority CFMP (AFSPC) AF Policy Directive (10-17) on Cyberspace Operations’11 CFMP Established AF-Cyber Integration Group (CIG) – HAF, CFLI Cyberspace Operations and Support Community Strategy for Cyberspace CORONA TOP 2011 DRAFT Cyberspace Roadmap (A3/CIO A6 and AFSPC/CFLI) Education and Training Cyber Operator Career Field (17D) UCT (Keesler AFB), Cyber 200, 300 (AFIT), Cyber WIC (Nellis) AFIT Cyberspace Technical Center of Excellence (CyTCoE) Exercises: CyberFlag, Red Flag (live fire, air & space support of cyber, force on force defense of the CAOC-N) Employing AFCYBER warfighting forces in support of UCT = Undergraduate Cyber Training USSTRATCOM/USCYBERCOM CFMP = Core Function Master Plan Distribution A. Approved for public release; distribution is unlimited. WIC = Cyber Weapons Instructor Course 4
Cyber Vision 2025 Study MethodologySTRATEGY REQUIREMENTS AND PLANS MISSION FOCUS COCOM and MAJCOM Threat Requirements Cyber Air Cyber Cyber Vision Space Cyber United States Air Force CyberS&T Vision Independent 2012-2025 Senior C2 and ISR Cyber Expert AF/ST TR 12-01 Review 31 December 2012 Mission Support (Education & Training, Acquisition, T&E) Cross Cutting Enabling S&T RFIs, EXPERT SUMMITS CFMPs Distribution A. Approved for public release; distribution is unlimited. 5
Current Environment Assured Air, Space, C4ISR and Cyber Operations Cyberspace = interdependent network of information technology Global (IT) infrastructures, and includes the Internet, telecommunications Vigilance, networks, computer systems, and Reach and embedded processors, controllers, SPACE Power individuals, organizations and missions.• Networks• Sensors• Data Links• Embedded Systems• Command & Control Cyber Missions = Cyber• Supply Chain CYBER exploitation, defense, & operations;• Databases information assurance, command &• Operators control AIR Cyber Threats = Nation states, non-state actors and domestic threats; launching/operating agents, bots, Situation Awareness, Trojans, worms, social engineering, insider attacks to deny, degrade,Integrated Air, Space, ISR Common Operational disrupt, destroy, or deceiveand Cyber Operations Picture (COP) Cyber is Inextricably Approved for public release;the Air isand Space Missions Distribution A. Entwined with distribution unlimited. 6
Missions are Contested at Multiple Levels ATTACKS TARGETS EFFECTS Command and Formation Sensor Control ProcessingInsider attack, Disinformation,unwitting behavior Human Organization distraction, confusionData and policy Mission Layer Disruption of C2, behaviorcorruption manipulationCode manipulation, Induced inaccuracies andmalware Application Layer failuresWorms, viruses, OS/Network Layer Denial of service,flooding exfiltrationLife-cycle implants of Triggered malfunction,backdoors HW/Systems Layer performance lossPhysical destruction, Materials, Devices & Loss ofeavesdropping Comm. Links communication Distribution A. Approved for public release; distribution is unlimited. 7
Future Trends 1999-2025 Bandwidth • CMOS Integrated Circuit Feature Size Telecommunications bandwidth (log scale) Threat • 1013 bps Malware Signatures (Threats) Apps Users US IC Off-shoring • World-wide Internet Users (# and % population) Internet Hosts High Performance Computing Speed 5.5 B (68.8%) World-wide Software Revenue Mobile App Downloads Off-shoring Chinese Computing PhD Degrees US Computing PhD Degrees • 3B 180 nm 105 bps • 10 Exaflops • IC Size 8-10nm • Chinese PhDs 35 K 147 M (2.5%) 43 M • •$1.2 T 2025 • 1 Tflop US • Econ: China #2, India #3 $170B 1600 • • • PhDs • Population +2B 2500 • 7T IP enabled devices 49 B • 50 zetabytes (1021) of data • IT/nano/bio converge 1999 2012 2025CMOS – Complimentary Metal-Oxide Semiconductor; IC – Integrated Circuit • QuantumPhD Degrees in Computer Science/Computer Engineering/Computational Mathematics Distribution A. Approved for public release; distribution is unlimited. 8
# RFI Responses (Total 102) External Experience 40 30 34 22 20 15 9 9 8 10 5 0ss Lineage Technologies LLC SAGE Solutions BCSi Distribution A. Approved for public release; distribution is unlimited. 9 9
Enduring Principles Least Privilege – provide only necessary authorities (e.g., white listing, discretionary access control, containment) Balance of Power – distribution of authority, peer review, two person rule Non-Interference – technical (multilevel) and operational (coord/sychronize) Minimization – limit attack surface, limit dependencies, reduce capability to essentials Simplification – allow only necessary complexity, employ standards (interfaces/controls) Survivability – fitness/readiness, awareness, anticipation, speed (responsiveness), agility (e.g., flexibility/ maneuver), and evolvability Resilience – robustness (e.g., redundancy), diversity, active defense, rapid reconstitution Optimization – offense/defense, human & machine intelligence, cost/benefit Leverage – maximize adversary cost/risk/uncertainty; maximize friendly benefit/assurance/efficiency Distribution A. Approved for public release; distribution is unlimited. 10
Environment & Findings Realities Our operations (air, space, C2, ISR) depend on cyber Cyberspace is contested and/or denied Resources (financial, human, time) will be constrained Cyber operations can have digital, kinetic, & human effects Networks cannot be completely defended – our adversaries have and will get in Findings Mission at risk: Interdependency growth driving cost and risk; Insider threat, supply chain threat, Advanced Persistent Threat (APT) Cyber S&T enables assurance, resilience, affordability, empowerment Need to integrate across authorities and domains Need to shape doctrine, policy, people, processes (RDT&E) Partnership and leverage essential 100 Air Space 4 Millions ESLOC 80 % Capability in 3 Software 60 40 2 20 1 0 0 F-16 F-15 F-22 F-35 F-111 A-7 B-2 F-4 DSP SBIRS AEHF GPS III Source: SEI, LM Distribution A. Approved for public release; distribution is unlimited. SEI Source: 11
AF Cyber S&T Vision “Assured cyber advantage across air, space, cyber, C2ISR, and mission support” Assured – Ensured operations in congested, competitive, contested, and denied environments in spite of increased dependencies, vulnerabilities, and threats Cyberspace – its defense, exploitation, operation Advantage – we seek an agility, resilience, and effectiveness edge over our adversaries Across – we require advantage within and across Air, space, cyber, C2ISR, mission support – we require full spectrum cyber solutions Distribution A. Approved for public release; distribution is unlimited. 12
Recommendations Assure and Empower the Mission (MAJCOMs) Focused, Enabling S&T (AFRL) • Assure national security missions • Assure and empower missions to security standards exceeding biz systems • Enhanced agility & resilience • More effective use of Title 10/50/32 • Optimize human/machine systs • Multi-domain synch/integrated effects • Establish foundations of trust • Increase cost of adversary OCO Improve Cyber Education, Accessions, ACE (AETC, A1, A6, AFSPC) Advance Processes (AFSPC, AQ, TE, MAJCOMS) • Require/design in security; secure full life cycle • Rapid, open, iterative acq; engage user/test early • Integrate cyber across CFMPs • Advance partnerships, align funding Enhance Systems and Capabilities (AFSPC, AQ, AFMC) • Reduce complexity, verify systems • Hardened, trusted, self-healing networks and info • Agile, resilient, disaggregated mission architectures • Real-time cyber situational awareness/prediction, managed information objects, cyber FME OCO = Offensive Cyberspace Operations; ACE = Air Force Cyber Elite; FME= Foreign Material Exploitation 13 Distribution A. Approved for public release; distribution is unlimited.
OSD Cyber S&TDesired End State Source: Cyber S&T Priority Steering Council Research Roadmap . Dr. Steven King Nov 8, 2011.Distribution A. Approved for public release; distribution is unlimited. 14 14
CV25 S&T Themes (1/2) Mission assurance and empowerment Survivability and freedom of action in contested and denied environments Enhanced cyber situational awareness for air, space, and cyber commanders enabled by automated network and mission mapping Ability to detect and operate through cyber attacks enabled by threat warning, integrated intelligence (e.g., SIGINT, HUMINT, IMINT), and real-time forensics/attribution Early vulnerability detection and enemy behavior forecasting enabled by advanced cyber ranges, including high fidelity, real-time modeling and simulation Cross domain integrated effects and cross domain measures of effectiveness (MOEs), including cyber battle damage assessment Agility and Resilience Active defense requires rapid maneuver enabled by dynamic, reconfigurable architectures (e.g., IP hoping, multilevel polymorphism) Effective mix of redundancy, diversity, and fractionation for survivability Reduction of attack surface, critical mission segregation, and attack containment Autonomous compromise detection and repair (self healing) and real-time response to threats Transition from signature based cyber sensors to behavior understanding to enhance high performance attack detection Distribution A. Approved for public release; distribution is unlimited. 15
CV25 S&T Themes (2/2) Optimized human-machine systems Measurement of physiological, perceptual, and cognitive states to enable personnel selection, customized training, and (user, mission, and environment) tailored augmented cognition. High performance visualization and analytic tools to enhance situational awareness, accelerate threat discovery, and empower task performance. Autonomy appropriately distributed between operators and machines, enabled by increased transparency of autonomy and increased human “on the loop” or supervisory control. Software and hardware foundations of trust Operator trust in systems (e.g., sensors, communications, navigation, C2) enabled by trusted foundries, anti-tamper technologies, and supply chain assurance, as well as effective mixes of government, commercial off the shelf, and open source software Formal verification and validation of complex, large scale interdependent systems Advanced vulnerability analysis, automated reverse engineering, real-time forensics tools High speed encryption, quantum communication, and quantum encryption for confidentiality and integrity Distribution A. Approved for public release; distribution is unlimited. 16
Cyber S&T Desired Outcomes Across Air, Space, Cyber, C2 and ISR Technology Leader (L), Follower (F), Watcher (W) Area Near (F12-FY15) Mid (FY16-20) Far (FY21-25) Semi-Automated Mission Mapping Real-time AFNET SA & C2 (L) Autonomous Cyber Mission and Anomaly Resolution for Cyber Cyber Mission Verification and Assurance/ Management (L) Assure and SA (L) Assurance Across Sensors/ Platforms Predictable Cyber Effects on Empower Secure Communication Survivable C3 Mission Systems the Mission Access and D5 Cyber Effects (L/F) Access and D5 Cyber Effects (L/F) Fractionated, Morphable Resilient Virtualization (F) Autonomous, Secure, Agile Enhance Architectures (L) Online Vulnerability Identification Composable CyberPhys Systs (L) Agility and Cyber Maneuver (L) and Adaptation (F) Cognitive Communication/ Networks (agile, reconfigure, self Resilience heal) (L) Optimize Operator Measurement (stress, Automated Individual Performance Intent/Behavior Detection and cognition, perf., trust) (L) Assessment (L) Forecasting Human- Adversarial/Social Modeling and Initial Augmented Cognition (L) Human-Machine Performance Machine Reasoning (L) Agent-based Cyber Battle Damage Assess (L) Optimization (L) Systems Reasoning Automated Cyber Refresh (F) Measurement, Vulnerability Information Integrity V&V Quantum Methods for V&V, Trust, Model/Analysis, & Verification (L) Quantum Communications (L) and Vulnerability Assessment Real-Time Cyber Reverse Protected Root of Trust for Cyber C2 Quantum Encryption (F) Foundations Engineering (L/F) (L) Provable Mission Assurance in of Trust Software Anti-Tamper (L) Embedded Anti-Tamper (F) Contested Domains (L) Secure Virtualization Semi Autonomous Supply Chain Model-based Correct-by- Assurance (F) Construction Software (W)D5 = Degrade, Deceive, Destroy Deny, DisruptSCOTI = Selective Cyber Operations Technology Integration (SCOTI) DRAFT 17 Distribution A. Approved for public release; distribution is unlimited.
Cyber S&T Desired Outcomes and Example Programs Across Air, Space, Cyber, C2 and ISR Technology Leader (L), Follower (F), Watcher (W) Area Near (F12-FY15) Mid (FY16-20) Far (FY21-25) Semi-Automated Mission Mapping Real-time AFNET SA & C2 (L) Autonomous Cyber Mission and Anomaly Resolution for Cyber SA 100 Gbit dynamic mission SA Assurance/ Management (L) (L) Cyber Mission Verification and Self-Protecting InformationAssure and Managed Info Objects (MIO) Assurance Across Sensors/ Platforms Predictable Cyber Effects on Empower 10 Gbit Mission Aware Routing Survivable C3 (L) Mission Systems (L)the Mission Secure Communication (L) Assured Access Comm BLOS C2, Jetpacks JCTD Advanced Access, D5 Effects (L/F) Access and D51 Cyber Effects (L/F) Cross Air/Space/Cyber Sensor SCOTI1 Platform, JWIN3 Integration and Plan Generation Fractionated, Morphable , Online Vulnerability Identification Autonomous, Secure, Agile Enhance Reconstituting Architectures (L) and Adaptation (F) Composable CyberPhys Systs (L) IP Hopping, Morphable Architectures Resilient Virtualization (F) Cognitive Comm/NetworksAgility and Cyber Maneuver (L) Architecture Diversity (agile, reconfigure, self heal) (L)Resilience Agile Tactical Communication Heterogeneous Operationally Intelligent Mix of GOTS/COTS (F) Responsive Networks, Cyber Agility Operator Selection Automated Individual Performance Intent/Behavior Detection and Optimize (e.g., traits, methods) (L/F) Assessment and Training (L) Forecasting (L) Human- Operator Selection (e.g., AFOQT) Initial Augmented Cognition (L) Computational Social Science Machine Operator Measurement Operator SA, assessment, augment Human-Machine Perf Optimize (L) (e.g., stress, cognition, perf., trust) (L) Auto Cyber Battle Damage Assess (L) Neuroscience based brain Systems Adversarial/Social Modeling (L) computer interfaces (L/F) Measurement, Vulnerability Information Integrity V&V Quantum Methods for V&V, Trust, Model/Analysis, & Verification (L) Quantum Communication (L) and Vulnerability Assessment (F) Avionics Vulnerability Discovery Root of Trust for Cyber C2 (L) Quantum Security MethodsFoundations Real-Time Cyber Reverse Engineering Embedded Anti-Tamper (F) Provable Mission Assurance in of Trust (L/F) Semi Autonomous Supply Chain Contested Domains (L) Software Anti-Tamper (L) Assurance (F) Avionics Vulnerability Protections Secure Virtualization (F) CMATH Distribution A. Approved for public release; distribution is unlimited. 18
Cyber S&T Gaps Major Gap Across Air, Space, Cyber, C2 and ISR Partial Gap Technology Leader (L), Follower (F), Watcher (W) No Gap Area Near (F12-FY15) Mid (FY16-20) Far (FY21-25) Semi-Automated Mission Mapping Real-time AFNET SA & C2 (L) Autonomous Cyber Mission and Anomaly Resolution for Cyber SA Cyber Mission Verification and Assurance/ Management (L)Assure and (L) Assurance Across Sensors/ Platforms Predictable Cyber Effects on Empower Secure Communication (L) Survivable C3 (L) Mission Systems (L) Access and D51 Cyber Effects (L/F) Advanced Access, D5 Effects (L/F)the Mission Fractionated, Morphable , Online Vulnerability Identification Autonomous, Secure, Agile Enhance Reconstituting Architectures (L) and Adaptation (F) Composable CyberPhys Systs (L)Agility and Cyber Maneuver (L) Resilient Virtualization (F) Cognitive Comm/NetworksResilience Intelligent Mix of GOTS/COTS (F) (agile, reconfigure, self heal) (L) Optimize Operator Selection Automated Individual Performance Intent/Behavior Detection and (e.g., traits, methods) (L/F) Assessment and Training (L) Forecasting (L) Human- Operator Measurement Initial Augmented Cognition (L) Human-Machine Perf Optimize (L) Machine (stress, cognition, perf., trust) (L) Auto Cyber Battle Damage Assess) (L Neuroscience based brain Systems Adversarial/Social Modeling (L) computer interfaces (L/F) Measurement, Vulnerability Information Integrity V&V Quantum Methods for V&V, Trust, Model/Analysis, & Verification (L) Quantum Communication (L) and Vulnerability Assessment (F) Real-Time Cyber Reverse Engineering Root of Trust for Cyber C2 (L) Provable Mission Assurance inFoundations (L/F) Embedded Anti-Tamper (F) Contested Domains (L) of Trust Software Anti-Tamper (L) Semi Autonomous Supply Chain Secure Virtualization (F) Assurance (F) 1 D5= Degrade, Deceive, Destroy Deny, Disrupt 2 SCOTI = Selective Cyber Operations Technology Integration 3JWIN = Joint Warfighting Integrated Network Operations Distribution A. Approved for public release; distribution is unlimited. 19
Partnership and Focus COCOMs Intelligence Army, Navy, Community Marines Land and Maritime cyberNational Labs FFRDCs Federal Research DARPA, NSF, FAA, Academia OSTP, NASA , NIST Air, Space, Cyber Critical Industry & Infrastructure Consortia DHS, EPRI, Utilities (e.g., DIB Pilot) International Air Force will leverage cyber capabilities and investments of our partners and focus S&T investment on Air Force mission Distribution A. Approved for public release; distribution is unlimited. 20
Cyber Vision 2025 Key Messages Cyber Vision 2025 is the AF S&T vision for the assured cyberspace advantage enabled by key science and technology advances where the AF will lead, follow, or watch in the near, mid and long term Key challenges include growing cyberspace threats, increased dependency and vulnerabilities, and resource constraints Airmen are our most powerful cyberspace capability and their development is a priority A principled approach and S&T advances provide opportunities to: Reduce operating costs; enhance cyber acquisition Empower cyberspace operators; partner for the joint fight Advance agility/resilience, human/machine systems, and foundations of trust Assure and empower all AF missions including C2 and ISR Provide synchronized effects across air, space, and cyber Call on Airmen to develop novel concepts of operations to take maximum advantage of forthcoming technologies Distribution A. Approved for public release; distribution is unlimited. 21
Cyber Vision Team Senior Governance Team (3*) Dr. Mark Maybury (chair), Lt Gen Mike Basla (AFSPC/CV –> SAF/CIO A6), Gen Janet Wolfenbarger (AFMC/CC), Lt Gen William Lord (SAF/CIO A6), Lt Gen Larry James (AF/A2), Lt Gen Chris Miller (AF/A8) Key Senior Stakeholders Lt Gen Charles Davis (ESC/CC, AFPEO C3I and NetworksSAF/AQ), Lt Gen Ellen Pawlikowski (SMC), Lt Gen Judy Fedder (A4/7), Lt Gen Thomas Owen (ASC), Lt Gen “Hawk” Carlisle (A3/5), Maj Gen Neil McCasland (AFRL), Maj Gen Suzanne Vautrinot (24th AF), Maj Gen Mike Holmes (A3/5), Dr. Steve Walker (AQR), Dr. Jackie Henningsen (A9), Lt Gen(Sel) John Hyten (AQS –> AFSPC/CV), Maj Gen Robert Otto (AFISRA/CC), Maj Gen Earl Matthews (A3C/A6C), Maj Gen Ken Merchant (AAC), Maj Gen(Sel) Samuel Greaves (AFSPC/A8/9) Cyber S&T Mission Area Study Leads Air: Dr. Kamal Jabbour (AFRL/RI), Dr. Don Erbschloe (AMC), Mr. Bill Marion (ACC) Space: Dr. Doug Beason (AFSPC), Col Brad Buxton (SMC) & Dr. Jim Riker (AFRL/RV) Cyber: Dr. Rich Linderman (AFRL/RI), Dr. Doug Beason (AFSPC) & Mr. Arthur Wachdorf (24AF) C2ISR: Dr. Steven K. Rogers (AFRL/RY/RI), Mr. Ron Mason (ESC), Mr. Stan Newberry (AFC2IC), Dr. Chris Yeaw (AFGSC), B Gen Scott Bethel (AFISRA/CV), B Gen (S) John Bansemer (AFISRA/CVA), DISL Keith Hoffman (NASIC), Dr. Rick Raines (CCR, AFCyTCoE) Mission Support (Acquisition, Test & Eval, Edu & Trng, Workforce): Dr. Steve Walker (AQR), Mr. Ron Mason (ESC), Mr. Mike Kretzer (688th), Dr. Nathaniel Davis (AFIT), Maj Gen Earl Matthews (A3C/A6C) Enabling Technology: Dr. Jennifer Ricklin (AFRL), Dr. Robert Bonneau (AFOSR) Threat: Mr. Gary O’Connell (NASIC), Col Matthew Hurley (AF/A2DD) Distribution A. Approved for public release; distribution is unlimited. 23
Senior Independent Expert Review Group (SIERG) Air Space Cyber C2ISR Mission S&T, Threat, Support and OverallProf Mark Dr. Mike Prof Ed Feigenbaum, Stanford Prof. Alex Levis, GMU John Gilligan Prof. Werner Dahm, ASULewis, U. Yarymovych, Gil Vega, DOE Lt Col Marion Grant, Evi Goldfield, NSFMaryland Sarasota Space Prof. Gene Spafford, Purdue USCYBERCOM/J9 Charles Bouldin, NSF Dr. Herb Lin, Nat Academy Lauren M. Van Wazer, Andrew Makridis, CIA OSTP Glenn Gafney, CIA Tomas Vagoun, NITRDNatalie Dr. Rami Dr. Paul Nielsen, CMU/SEI John Woodward, MITRE Jim Gosler, Sandia Konrad Vesey, IARPACrawford, Razouk, Dr. Mark Zissman MIT LL Sue Lee Short, JHU-APL Giorgio Bertoli, Army Stan Chincheck, NRLRAND Aerospace Harriet Goldman, MITRE Dr. Wen C. Masters, ONRLt Gen George Don Kerr Gen Mike Hayden (Ret), USAF VADM Mike McConnell, Dr. Ernest McDuffie, Gen (Ret) Jim McCarthy,Muellner (Ret) Keith Hall, Lt Gen Ken Minihan (Ret) USAF (Ret) USN CMU USAFAUSAF BAH RADM Will Metts, NSA/TAO Mike Aimone, OSD Dr. Peter Friedland Paul Laugesen, NSA/TAO Lt Gen David Deptula, (I&E) Prof Pat Winston, MIT Dr. Yul Williams, NSA/CSS TOC (Ret) USAFRobert Matt Linton, David Mountain, NSA Lt Gen Ted Bowlds, (Ret) Lt Gen (Ret) Trey David Honey, DNIOsborne, NASA ARC-IS Dr Starnes Walker, FltCyber, USAF Obering, USAF Dr. Steven King,NNSA Navy Lt Gen Robert Elder, Dr. Tim Persons, GAO OSD(R&E) PSC Tim Grance, NIST (Ret) USAFFormer USAF Former Former Director NSA, DIA Former DNI Former AF CIO AF SAB EXCOMChief Scientist Director of NRO Coalition Group Cpt Andrew Gudgeon, Dr. Brian.Hanlon. DSTO, Joseph Templin, UK Australia for public release; distribution is unlimited. Distribution A. Approved Canada 24
Mission Support: Acquisition Finding: Acquisition of information systems perceived as not timely or responsive; system delivery out-of-sync with technology progress Recommendations: Overhaul efforts to streamline acquisition policy and processes, and periodically reassess to determine effectiveness; implement best practices within acquisition of the wide range of information systems (OPR: SAF/AQ, OCR: AFMC, AFSPC) Develop flexible funding authorities to better respond to warfighter needs (OPR: AF/A8, OCR: SAF/AQ, SAF/FM) Finding: Contractual requirements for “system security from a cyber perspective” lacking for both cyber & cyber-physical systems Recommendation: Create, standardize, and implement cyber system security as an integral part of the requirements and systems engineering processes (OPR: SAF/AQ, OCR: AFMC, AFSPC) Finding: “Cyber system security” for all systems are not currently given sufficient scrutiny throughout acquisition and sustainment lifecycle Recommendation: Expand, enhance, and institutionalize full-spectrum Cyber Assessment and Vulnerability Evaluations across the Air Force portfolio of cyber and cyber-physical systems throughout the life cycle (OPR: SAF/AQ, OCR: AFMC, AFSPC, AF/TE) Distribution A. Approved for public release; distribution is unlimited. 25
Test & Evaluation Finding: Current cyber T&E efforts are generally performed too late in the acquisition process, and paper-based & checklist-focused Certification and Accreditation is insufficient to appropriately addresses system security from a cyber perspective Recommendations: Cyber Test & Evaluation must begin at the requirements development and design phase, and be accomplished continuously throughout the acquisition life-cycle (OPR: AF/TE, OCR: SAF/AQ) The Air Force must overhaul the current Certification & Accreditation and checklist-focused model to a full-spectrum and unbounded vulnerability assessments of cyber and cyber-physical systems (OPR: AF/TE, OCR: SAF/AQ, AFMC, AFSPC) Finding: Cyber test and training ranges are developed and utilized without central requirements, funding or authority Recommendation: Develop a centralized inventory and capability database for cyber test infrastructure, and conduct gap analysis to identify cyber range requirements and capabilities (OPR: AF/TE, OCR: AFSPC, AFMC) Distribution A. Approved for public release; distribution is unlimited. 26
Education & Training Finding: US high school and university system not producing the required quality & quantity of graduates to compete with growing adversary capabilities and future cyber workforce needs Recommendations: Increase support of high school and university cyber recruitment efforts (intern programs, cyber competitions, etc.) (OPR: AF/A1, AFSPC; OCR: SAF/AQ, SAF/CIO A6) Project future cyber workforce requirements for cyber-specific degrees (EE, CompE, CS, Math) and align with USAFA curriculum and degree production, targeted ROTC scholarships, and focused OTS recruitment (OPR: AF/A1, AETC; OCR: AFSPC; SAF/CIO A6) Distribution A. Approved for public release; distribution is unlimited. 27
Education & Training Finding: Air Force cyber education and training programs need to evolve to meet growing cyber mission set and increasing adversary capabilities Recommendations: Develop and require cyber ops training at the technical level for selected non “cyber professional” personnel (OPR: SAF/CIO A6; OCR: AETC, SAF/AQ, AFMC) Provide funding and institute workforce roadmap that allows civilians to participate in the range of DOD-provided education and training opportunities alongside their military counterparts (OPR: SAF/CIO A6; OCR: AFSPC, AETC) Advocate and influence U.S. universities (including USAFA), to expand depth-of-coverage in secure software coding, secure & trusted architectures, and other technical areas of interest related to cyber and cyber-physical systems, while also expanding AFIT programs in these areas (OPR: AFIT; OCR: USAFA, AFSPC) Distribution A. Approved for public release; distribution is unlimited. 28
Workforce Finding: The demand for skilled cyber personnel will increase in response to growing adversary capabilities, and the cyber workforce roadmap, organization structures, and authorities need to evolve to address these challenges Recommendations: Building upon red team and hunter team success, develop a cadre of Air Force Cyber Elite (ACE) professionals (OPR: SAF/CIO A6; OCR: AFSPC, AFMC) Create an updated comprehensive workforce development roadmap to identify future skill sets and Total Force mix to preserve US cyber competitive advantage (OPR: SAF/CIO A6; OCR: AFSPC) Finding: Current classification guide for officer Cyber Operators does not focus on accessing the most qualified candidates into the career field Recommendations: Mandate a minimum requirement of 50% cyber-specific foundational degrees (EE, CompE, CS, Math) for the 17D cyber operations career field (OPR: SAF/CIO A6; OCR: AF/A1, AFSPC) Eliminate the “catch all” statements that allow individuals to become cyber operators without meeting minimum educational requirements, unless they have demonstrated strong aptitude for cyber missions (OPR: SAF/CIO A6; OCR: AFRL, AFSPC) Distribution A. Approved for public release; distribution is unlimited. 29
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.