Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Reimagining the Next Generation of Government
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Air Force looks to revamp its definition of cyberspace
Friday - 10/12/2012, 2:10pm EDT
The Air Force says it's committed to operationalizing its approach to cyberspace and exercising control over the new warfighting domain as convincingly as it does in air and space. But the service is doing some serious soul searching as it tries to wrestle its definition of "cyber" into something that's manageable and understandable.
The concern about murky definitions of cyberspace goes all the way to the top of the Air Force. Gen. Mark Welsh, the service's new chief of staff, recently said he's worried that the service's understanding of cyber is so broad that it could turn into a "black hole" for programs and money. And when Lt. Gen. Mike Basla took over as Air Force chief information officer earlier this year, Michael Donley, the Air Force secretary, directed him to convene a summit of the Air Force's most senior leaders to get everyone on the same page. Basla said he will host that summit in November.
"The truth of the matter is that if I asked our four-star generals, our chief and our secretary, ‘what is cyberspace, what is the Air Force role in cyberspace, what is our current capability in cyberspace?' we would truly get 15 different answers," Basla told an industry conference Thursday. "So we're going to baseline it internally, get our heads around it and understand that joint warfighter requirement."
Gen. William Shelton is one of those four-star leaders, and also happens to be the Air Force's core function lead integrator for cyberspace as the commander of Air Force Space Command. He said it's incumbent on the service to narrow down its understanding of cyber.
"Our actual working definition is still evolving as we gain operational experience and understanding, but I grow impatient as we watch evolution take its course," Shelton told the annual Air Force IT Day hosted by the northern Virginia chapter of AFCEA. "In 2006, the Air Force published a forward-looking document on cyber, but I think we'd all agree now that we started out too big and too ambitious, so we had to narrow our definition. In those days, some wanted to define cyber as the entire electromagnetic spectrum. In hindsight, I think this breadth had the unintended consequence of confusing everyone, including ourselves."
Shelton said the confusion has had operational consequences because of a lack of clarity about roles and missions within the Air Force.
"I know Mike Basla would back me up on this: I've personally observed confusion in roles, functions, lanes in the road, etcetera, due to the lack of precision in our operating definitions," Shelton said. "We owe it to our people, from the most junior airman to the secretary and chief of staff, to narrowly define what we mean when we talk about cyber. And once we've arrived at that agreed upon working definition, we must clearly communicate that to the field."
Shelton said the Air Force also owes that definition to the other military services, so decisions can be made about which parts of the military are responsible for which missions in a joint environment like U.S. Cyber Command and regional combatant commands, which draw their staff from each of the military services. First though, he said the Air Force has answer questions for itself about which capabilities it can offer.
"Certainly we have to operate and defend our networks. But what about exploitation and offensive operations? Is that Air Force business, or do we count on others to provide what I would call "high end" services? How we answer these questions obviously has major implications for Title 10 and Title 50 authorities within the Air Force," he said.
The Air Force is asking itself other big questions, like how it will acquire cyber capabilities before they're obsolete, how to set realistic expectations for securing its corner of cyberspace, and exactly what composition its cyber workforce should take.
"Just as we spooked the herd with our DC-to-daylight definition of cyber, I believe we've correspondingly confused ourselves when we transitioned all of our legacy communications professionals into the cyber operations career field. Is everyone in the new cyber operations career field doing real cyber work? One could argue it depends on the cyber definition we choose," Shelton said. "If our definition is narrow, it follows that our cyber force should be narrowly circumscribed as well. Do we need to recruit to high-end operations capability for the entire force? Or are we bound to create some haves and have nots in this career field?"
Shelton says the Air Force also needs a new paradigm for how it thinks about security. The current way of thinking, based on the objective of complete information assurance, is unrealistic given the huge spectrum of potential attackers facing the military. Instead, he said the Air Force should think about mission assurance.