The Air Force is beginning to build specialized cyber teams across the service whose primary mission is to defend local installations and critical mission tasks from cyberattacks.
These teams will ensure that a particular wing or smaller organization can complete their mission from a cyber perspective, Maj. Gen. Robert Skinner, commander of 24th Air Force/Air Forces Cyber, told Fifth Domain in a November interview.
For example, Skinner said if a wing has an F-16 unit that’s responsible for offensive counter air or defensive counter air support, mission defense teams will understand those weapon system and everything that goes into making those air sorties successful as a way to defend that mission from a cyber standpoint.
As an example, an eight-man team at the 2nd Weather Group within the 557th Weather Wing monitors the network and recently discovered several “bogus” account requests. The commander, Col. Patrick Williams, said the team was able to figure out that many of the requests were either bots or foreign requests that “had no business being on that network.” By working with the Network Operations and Security Center to eliminate that activity, the number of requests dropped by 80 percent, a huge win, Williams said. He added this was done with just a nascent mission defense team given that the teams are just being filled out across the major commands now.
Skinner said each major command is at a different point in activating the teams.
In addition, Air Force leaders said the service hopes to achieve efficiencies within its entire IT and cyber defense enterprise.
The officials pointed to the Air Force’s “enterprise IT as a service” pilot, which examines what efficiencies can be gained by having commercial companies conduct the IT services as opposed to having airmen maintain the IT infrastructure. One benefit of such a move could be that it frees up personnel to spend more time on cyber defense.
“Our core strategic theme is moving from IT focused delivery into mission defense teams,” Bill Marion, deputy CIO of the Air Force, said during a keynote presentation in early December.
Skinner said the service will likely be able to “re-mission” workers from their IT positions and assign them to these more active defensive roles such as mission defense teams.
These mission defense teams are different from cyber protection teams that the Air Force, and other services, provide to U.S. Cyber Command.
“In my eyes the [mission defense team] is a [cyber protection team] lite,” Skinner said. "We’re very proud of our cyber protection team training and I think that the more of that I can get with our mission defense teams, the more successful they’ll be and then our cyber protection teams can be really focused on the high end, the big threats that we’ll run into in a peer competition and peer adversaries.”