Assuring the advantage in air, space and cyberspace
Assured cyberspace is a foundation for global vigilance, global reach and global power. Essential to all Air Force missions, cyberspace is a domain in which, from which and through which missions are performed. Yet the domain is increasingly contested or denied, while our ability to address opportunities and threats is constrained by time, treasure and talent.
The good news is that cyberspace science and technology efforts can help overcome those threats and provide systems and methods that are affordable and resilient. However, this requires intelligent partnering and better integration, and further development of doctrine, policy and research, development, test and evaluation processes.
The recently completed Cyber Vision 2025 study provides the Air Force vision for cyber science and technology in the near, mid and long term, delineating where our service should lead, follow or watch in partnership with others. Championed by the Office of the Chief Scientist, Cyber Vision 2025 was created by operators and technologists from across the Air Force and drew upon experts across government, industry and academia.
Our study looked at current and future threats, identified enduring principles of cyber operations and, finally, developed sets of recommended actions intended to assure Air Force missions in the domains of air, space and cyberspace and the realms of command-and-control and intelligence, surveillance and reconnaissance. We have organized these actions into four cross-domain, integrating themes.
Cyberspace is increasingly competitive and contested. Malware signatures are expected to increase from fewer than 3 million to more than 200 million by 2025. Moreover, the appearance of worms such as Stuxnet, Duqu and Flame illustrate that cyber operations have moved beyond the virtual realm to touch the physical world.
We anticipate that future threats will arrive along multiple fronts. Increasingly sophisticated adversaries can attack with a range of methods (e.g., social engineering, malicious insider, supply chain) against an array of interdependent layers with a diversity of effects on availability, integrity and confidentiality. They can undermine critical infrastructure (e.g., energy, water, fuel), mission support services (e.g., banking, transportation, communications), and C2 and ISR systems. They can directly attack mission systems; for example, via the computing capabilities embedded in air, space and cyberspace platforms. Finally, they can launch advanced persistent threats that can remain undetected in our cyber systems for long periods of time.
The nature of the threat will also change as globalized economic forces and competition play out, likely boosting the number of regional economic powers, increasing competition for limited resources (e.g., water, energy), and creating new anonymous actors who will be difficult to retaliate against.
At the same time, there are limits to our responses. Fiscal constraints are driving a need for efficiency. The U.S. education system will likely produce a limited supply of domestic graduates in computer science (e.g., 3,800 Ph.D.s per year by 2025, far less than China’s 8,500). Finally, time will remain a precious resource given the speed of attacks, the evolution of threats and the sheer growth of cyberspace: By 2025, there will be an estimated 5.5 billion people online using 25 million applications, engaging in billions of interactions per day, and processing some 50 zetabytes (trillion gigabytes) of data.
Still, the Air Force has made substantial progress in organizing, training and equipping our cyberspace airmen to face such threats. We stood up the 24th Air Force, which oversees cyber operations, and established the AF-Cyber Integration Group for internal coordination. We published AF Policy Directive 10-17 on cyberspace operations, and Air Force Space Command has created a Cyberspace Core Function Master Plan. For personnel, we established officer and enlisted cyberspace operator career fields and reorganized undergraduate cyber training at Keesler Air Force Base, Miss. At higher levels, we developed the Cyber 200 and 300 professional development courses at the Air Force Institute of Technology at Wright-Patterson Air Force Base, Ohio, and graduated the first Cyber Weapons Instructor Course class at Nellis Air Force Base, Nev. We are incorporating more and more cyber operations into war games, including the first USCYBERCOM CyberFlag and others that have included sophisticated defenses of critical headquarters and other air and space support for cyber. These efforts and others have allowed us to provide operational support to our own missions, as well as to U.S. Strategic Command and U.S. Cyber Command.
To build upon this progress, the Air Force has sought to identify and articulate enduring concepts and best practices for reducing cyber risks. Analysis and extensive outreach to experts, including a public request for information that drew more than 100 responses, have allowed us to produce a list of principles that have proved successful for public, private and nonprofit organizations.
For example, there is the principle of least privilege, under which users only receive permissions necessary to accomplish their mission (e.g., implementable by mechanisms such as discretionary access control, white-listing or using containers to limit functionality); this reduces the opportunity for unintentional missteps or intentional mischief. The principle of balance of power tells us that distributing authority — say, by employing peer review or using two-person rules — can help maintain positive control over information. The principle of non-interference asserts the need to separate security levels and keep the actions of one operator from thwarting another; this is achievable through careful coordination and synchronization of action.
Under the principle of simplification, we reduce vulnerabilities and potential avenues of attack by pursuing smaller solutions, limiting dependencies or providing only essential services. Simplifying systems (e.g., using standard architectural interfaces, avoiding complexity) can also reduce cost.
The principle of survivability goads us to improve intelligence and situational awareness so that we can respond faster and with more flexibility. And because not all attacks can be avoided, the principle of resilience drives us to implement redundancy, alternate (e.g., wartime) modes, diversity of components, active defenses and capacities for rapid reconstitution.
Our study also showed that some of the most successful organizations are able to integrate and optimize defense and offense and tap into the appropriate mix of automation and human intelligence to allow them to achieve the proper balance between distributed operations and detailed, centralized control.
As well, we found that some of the best organizations make optimal use of limited talent, treasure and time by maximizing the benefits of their cyber posture (cost savings, efficiencies, and effectiveness) while maximizing costs to the adversary (resources, risks, uncertainty) or denying them benefits.
Beyond principles, the study also identified a number of best practices. For example, systems should design in redundancy, diversity and components from trusted manufacturers to improve resilience. Architectures should employ open standards and loose couplers between major elements (e.g., data exchange standards) to avoid the brittleness of customized and direct connections. Fractionating (that is, physically and logically decomposing and distributing) authorities increases survivability and reduces the likelihood of privilege escalation. Finally, vulnerabilities can be reduced by promoting good “cyber hygiene” — for example, encrypting data both at rest and in motion, and ensuring chain of custody.
Acquisition can be improved by demanding clear and focused requirements, early and continual involvement and testing by users, early prototyping and rapid cycles for evolution, modular and open standards, and model-driven architectures.
Finally, acquiring, developing and properly engaging highly experienced cyberspace experts can reduce risk.
Equipped with these principles and best practices, and building upon the Defense Department’s Cyberspace Priority Steering Council strategy, Cyber Vision 2025 lays out four themes in the effort to assure cyberspace advantage:
• Mission Assurance and Empowerment. Ensuring survivability and freedom of action in contested and denied environments requires better cyber situational awareness for air, space and cyber commanders. This can be enabled by automated network mapping and, more broadly, mission mapping. To detect cyber attacks and to keep operating as they progress, operators need threat warnings, integrated intelligence (e.g., SIGINT, HUMINT), and real-time forensics and attribution. High-fidelity modeling and simulation, advanced cyber ranges and cyber exercises can help spot vulnerabilities early and forecast enemy behavior. Operators also need support to achieve integrated effects across domains, and they need better cross-domain measures of effectiveness, including cyber battle damage assessment.
• Agility and Resilience. Survivability in a contested cyberspace will demand an effective mix of redundancy, diversity and geographical dispersion. Risk can be minimized by reducing attack surfaces, segregating critical mission systems and containing attacks. These efforts can be enhanced by systems that autonomously detect compromise, repair damage and respond in real time. Attack detection will be improved by moving beyond signature-based cyber sensors to behavior-based detection. Finally, active defense demands rapid cyber maneuver enabled by dynamic, reconfigurable architectures — for example, through Internet Protocol hopping.
• Optimized Human-Machine Systems. Success in cyberspace demands the maximization of human and machine potential. This requires the measurement of physiological, perceptual and cognitive states to enable personnel selection, customized training and augmented cognition tailored to specific users, missions and environments. High-performance visualization and analytic tools can improve situational awareness, accelerate threat discovery and boost performance. Finally, autonomy must be appropriately distributed between operators and machines, enabled by increased transparency and human “on-the-loop” or supervisory control.
• Foundations of Trust. Operator trust in systems (e.g., sensors, communications, navigation, C2) can be enabled by secure foundations of computing, including trusted manufacturers, anti-tamper technologies and supply chain controls, as well as effective mixes of government, commercial off-the-shelf and open-source software. Security can be improved by advancing formal verification and validation of complex, large-scale, interdependent systems, as well as advancing vulnerability analysis, automated reverse engineering and real-time forensics tools. High-speed, encryption, quantum communication and, in the longer term, quantum encryption will further increase the confidentiality and integrity of supporting infrastructure.
In each of the air, space and cyberspace domains, as well as in C2 and ISR, Cyber Vision 2025 details the mission environment, identifies key findings and recommends strategic actions to ensure the cyber advantage. Each area includes a technology focus in the near (1-5 years), mid (6-10 years) and far term (10-15 years).
For example, in the cyber domain, we should broaden our view of cyber from an enabling domain to one in which we fly and fight. More technologically, we should improve comprehensive cyber situational awareness, agility and resilience; protect critical information in static and fragile architectures; harden key mission networks and make them trusted and self-healing; and integrate across disparate realms such as cyber, signals intelligence and electronic warfare to achieve integrated effects.
In the air domain, we must design in security to address insufficient intelligence on cyber threats against aircraft; reduce platform complexity; and enable automated, formal verification to mitigate the vulnerabilities in commercial off-the-shelf products. To ensure agile and resilient architectures, our software and hardware must not only be acquired from trusted origins and equipped with cryptography, but secured throughout its full life cycle. And because certification and accreditation is time-consuming and often outpaced by system and threat evolution, we must ensure that security requirements for platform IT exceed those for office automation and secure C2 architectures.
Finally, we need to overcome shortfalls in real-time cyberspace situational awareness through improved cyber sensing, better training and education, and more ways to “fight through” cyber attacks.
More generally, Cyber Vision 2025 recommends:
• Reducing complexity to ease verification and reduce life-cycle cost.
• Developing trusted and self-healing networks and information.
• Creating agile, resilient, disaggregated mission architectures.
• Advancing real-time cyber situational awareness and prediction and cyber science-and-technical intelligence.
• Improving mission system security standards.
• Making more effective use of authorities (e.g., Title 10, 50, 18, and 32 of the U.S. Code).
• Synchronizing multidomain effects.
• Increasing the cost of adversary cyberspace operations.
• Improving cyber accessions, education and training.
• Changing acquisition and test efforts to require and design in security, and secure weapon systems throughout their full life cycle.
• Performing rapid, open and iterative acquisition that engages user and test communities early in the process.
Sustained progress will demand integration of cyber across all Air Force core functions, advancing partnerships, aligning funding and orchestrating effort and effects across domains. Given limited resources, the Air Force cyber S&T approach depends on leveraging knowledge, capabilities and investments in a range of communities across the military, government (including the intelligence community, national labs and research organizations, the Department of Homeland Security and other protectors of critical infrastructure), industry, academia and international partners.
In summary, across all Air Force domains of operation, Cyber Vision 2025 recommends science and technology to improve foundations of trust, enhance human-machine interaction, enhance agility and resilience, and assure and empower missions. As complementary advances, these will help assure the cyberspace advantage so the Air Force can fly, fight and win in air, space and cyberspace.
MICHAEL DONLEY is the secretary of the Air Force. MARK MAYBURY is chief scientist of the Air Force. This article benefited from the contributions of many, including Air Force major commands, headquarters and the Air Force Research Laboratory, as well as the Office of the Secretary of Defense, sister services and interagency experts. The authors are also grateful for expert review from industry, academia, National Laboratories, Federally Funded Research and Development Centers and international partners.