Air Force launches enterprise cyber strategy
Task Force Cyber Aware will take a year to diagnose the service's risks and vulnerabilities.
The U.S. Air Force is looking to develop an enterprise-wide approach to cybersecurity. A new internal group dubbed Task Force Cyber Aware will spend about a year diagnosing the risks and vulnerabilities of the Air Force, from its main networks on out to its far-flung assets, including weapons systems, depots and program offices.
"This is an internal look for the Air Force against how would we assure our five core missions," Air Force CIO Lt. General Bill Bender said at an April 2 appearance at the AFCEA Cybersecurity Technology Summit. "We're not going to harden our way out of this. We're going to have to learn to think differently, and to fight our way through. So: fly, fight, win in a contested cyber-environment."
The effort is similar in scope and intention to the Navy's Task Force Cyber Awakening launched in November 2014.
Currently, the Air Force focuses cybersecurity on its networks and IT, but that accounts for only about 20 percent of the assets potentially at risk. The task force, Bender said, is an attempt to focus cybersecurity on the whole enterprise. The Air Force needs to "develop a coherent risk management strategy," Bender said. "It's not that that work hasn't been done, it's that it's not been done in any kind of a coherent way."
At the end of the task force, Bender hopes to have "a good idea of where our investment comes to address our cybersecurity concerns," he said. The Air Force plans to have the findings of the task force inform governance planning, cybersecurity spending and budget planning efforts starting for fiscal year 2017 and thereafter.
Beyond that, Bender said the task force is also going to serve as "an education of ourselves and those that we partner with," and "a connecting of the dots" to allow for an overview of redundancies that can be eliminated, holes that can be filled, and to facilitate the sharing of information among stakeholders.
The day-to-day operations of the task force will be led by Pete Kim, acting director for Cyberspace Operations and Warfighting Integration. The organization will include cybersecurity, IT and acquisitions personnel from across the Air Force.
“We have great leaders moving out on fixing 'the problem' within their functional areas, but the time is right to look into opportunities to synchronize and maximize resources at the corporate level in order to establish a foundational, consistent enterprise-wide approach in the future,” Kim said in an Air Force news release announcing the task force.