Cybersecurity

New Air Force cyber doctrine stresses resilience

Air Force logo

A new Air Force directive makes clear that the service's cyber operatives are expected to keep networks running in the face of hacking attacks.

The Air Force shall "develop weapons systems, capabilities, and [tactics, techniques and procedures] to 'fight through' enemy offensive cyberspace operations to ensure continued mission assurance in hostile cyber environments," Air Force Secretary Deborah Lee James declares in the directive.

The April 12 document tasks Air Force personnel with "fully exploiting the man-made domain of cyberspace" to support Air Force missions.

The instruction shows how the Air Force is adapting its organizational structure to a domain that shapes operations from beginning to end. The sweeping instruction covers all Air Force IT systems and infrastructure.

The new policy also highlights the power of select officials: the service's deputy chief of staff for operations, for example, is charged with both developing policies for defensive and offensive cyber operations, and with integrating intelligence and cyber operations.

The directive wants both greater data sharing and enhanced security -- and apparently assumes that any tension between those goals in manageable.

"Data, information, and IT services will be made visible, accessible, understandable, trusted, and interoperable throughout their lifecycles for all authorized users," the document says.

An accompanying directive covering "information dominance governance and management" lays out how the Air Force will align various cyber programs and capabilities. That memo also instructs personnel to test and evaluate all IT for interoperability and, "as necessary, determine tradeoffs among mission effectiveness, cybersecurity, efficiency, survivability, resiliency and IT interoperability."

Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, welcomed the release. Military cyber doctrine "has become one of a number of significant policy areas in which [the Obama] administration is demonstrably 'more transparent' than its predecessors," Aftergood wrote in a blog post about the directive.

Former cybersecurity specialists in the Air Force have called on the Pentagon to be more transparent in declassifying discussions of cyber doctrine. 

The National Security Agency has the last word on the classification of certain cybersecurity-related information. A new memo from the Committee on National Security Systems, a government body chaired by DOD CIO Terry Halvorsen, reminds agency heads that they need to consult with NSA when developing classification guides for information on the cybersecurity of national security systems.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected