24 AF / JFHQ-CYBER / AFCYBER

WARFIGHTER PERSPECTIVE

Sherri Hanson

Executive Director

Challenges and Opportunities

• Proliferation & Sophistication of Threats

• Instilling an Innovative Operational Culture

• Integrated Command & Control

• Multi-Domain Integration

• Cyber Mission Force

• Force Development

• Added Capacity & Capabilities

• Total Force Integration

• Rapid Cyber Acquisition

• Real-time Situational Awareness & Fused ISR

2UNCLASSIFIED

UNCLASSIFIED

Build … Extend … Operate … Defend … Engage

Today’s Warfighting Perspective

Increasingly “Commander’s Business” to Succeed in Today’s Fight

• Cyberspace is a Domain…Not a Mission or Functional area

• Cyberspace is Man-Made…Primary Architect is Private Industry

…Innovation Occurring at Unprecedented Pace

• Cyberspace is Contested…Potential Risk to Main Street, Wall Street and Combat Ops

…Warfighting Principles Influence Mission Success

• Cyberspace is Complex…Challenges Existing Policy and Legal Framework

…Challenges Traditional C2 Constructs

3UNCLASSIFIED

UNCLASSIFIED

Past:

• Focus on CNE/Cyber Crime

• Increase in disruptive attacks

• Initial foray into destructive attacks

Future:

• Increased sophistication and obfuscation

• Focus on embedded/isolated systems

• More destructive attacks

Destruction

Exploitation

Disruption

Destruction

TITAN

RAIN

RED OCTOBER

Discovered;

operating since 2007Morris

Worm

1998 2003 2008 2009 2010 2011 2012 2013 2014 2015

NASA

Forced

to block

email

attachments

Estonia

DDoS

SECDEF

NIPR

email

US Election

Campaigns

Compromised

Georgian

Gov’t

websites

DDoS vs.

Israeli

Gov’t

STUXNET

Iraqi Insurgents

hack US

UAV Feeds

Classified data

stolen from

India Defense

Ministry

WikiLeaks

“enemies” attacked

after Assange arrest

Canadian Gov’t agencies

forced to disconnect

from Internet

US DIB Hacked

>24,000 files

Stolen

FLAME

Skype/Bluetooth

Exploit

Spear

Phishing

Attack on US Gas

pipeline systems

Saudi Oil Co

Aramco

attacked

US Banking

Industry

DDoS Attack

South Korean

Media Outlet

Networks Attacked

New York Times

Websites

disrupted

for 20 hours

Sony

Entertainment

Attacked

OPM Hacked

TS/SCI applicant

data exfil’d

US State Dept

shuts down

network parts to

remove exploit

Target

Discloses

40M+ customers’

CC data stolen

…//… …//…

Charlie Hebdo

Attacks

The Evolving Cyber Threat

Exploitation

Disruption

Destruction

4UNCLASSIFIED

UNCLASSIFIED

STRATEGY

DEVELOPMENT

MASTER CYBER

PLANNING

CTOEXECUTION

ASSESSMENTS

TARGET

DEVELOPMENT

(ADVERSARY &BLUE)

RSTA ANNEX

TCNO/MTO/CCOPRODUCTION

Intel

MISREPS

SITREPS

EFFECTS

CTO

SPINS

MCOP

BRIEF

CYOD

CYOP

SRD

CPD

ISRD

COD

MISREP ANALYSIS

TOOL (MAT)

AFCYBER

PORTALSTRATEGIC

WORLDWIDE

INTEGRATION

CAPABILITY

(SWIC)

ACUMEN

Cyber Tasking Cycle

Cyberspace Multi-Domain

Innovation Team (CMIT)

• CSAF directed CMIT to integrate complementary ISR and EW functions with cyberspace operations to meet the op needs of the air component commanders.

• Facilitate the development of urgent operational capabilities to deliver multi-functional cyberspace effects to air component commanders as fast and cheaply as possible.

• 24 AF and 25 AF CMIT working group: consists of 24/25 AF leaders, EW, ISR, DoD, industry & academia

(U) Black Dart OV-1

(U) Required Coordination:-24 AF/624 OC

-67 CW/67 COG/91NWS

-688 CW/318 COG/ 90 IOS

-BLACK DART/JIAMDO

-Compass Call SPO

-Compass Call

(U) Required Equipment:-ECCO

-TP- Link: TL-WN722N

-688 CW/318 COG/ 90 IOS

-SMA Connector

-90 IOS developed S/W

UNCLASSIFIED

UNCLASSIFIED

AF’s CMF Force Structure

= 24 AF

= 25 AF*

• Total contribution: 1,700+ Airmen; 39 Teams

• AFCYBER presents forces to USCYBERCOM

• Jointly manned by 24 AF & 25 AF (1,000+ and 700+ Airmen)

• 2 teams currently FOC / 17 teams IOC

Combat

Mission Team

Combat

Support Team

COCOM Support

13 x CMTs/CSTs

National

Mission Team

National

Support Team

Defend the Nation

6 x NMTs/NSTs

Cyber DefenseCyber

Protection Team

14 x CPTs (All 24 AF)

6 x DTN CPTs (24/25 AF)*

8UNCLASSIFIED

UNCLASSIFIED

CMF Numbers

• 39 CMF Air Force provided teams

• 4 NMT / 2 NST / 8 CMT / 5 CST / 20 CPT

• 1700 personnel – 80% Enl / 10% Off / 10% Civ

• Total Force CMF

• 2 ANG CPTs manned by 12 squadrons

• 1 ANG NMT manned by 3 squadrons

• 3 CPTs supported by 1 AFRC CAU

• 2 teams currently FOC / 17 teams currently IOC

Cyber Acquisition Challenge

Provide Life Cycle Management at the “Speed of Need”

Technology Projects

Acquisition Demilitarization

Product Support

LogisticsMaintenanceMateriel

Management

Continuous threat changes

Reactive environment

Ongoing “cyber arms race” in a

continuous cyber war

Potential for “unknown unknowns”

Industry drives technology advances

Fast Pace

of Change

in Cyber

Cyber Solution Cell

AFLCMCCyber Solutions Cell

Advise/assist operator Develop COAs Cyber knowledge base

Needs

Needs

IdeasSolutionsTechnologies

Operational CyberUser

ProposedCOAs

RTOI

Foundational

Rapid

Other Services & Agencies

S&T Community

Industry

AFLCMC

AFLCMC

24 AF

24th AF Cyber Services Forecast

12

Customer Title/Description Buyer/CO Info Phone Email

Procure. Type:

(Services/Constr

uct/Supplies…et

c)

Solicitation Type: (Set-

Aside?)

Anticipated

RFP Date

Anticipated

Need/Award

Date

38CEIG

CIPSII (Cyberspace Infrastructure Planning System): Provide

maintenance, sustainment, documentation of the CIPS on both

classified and unclassified networks. Gary Ethridge (405)734-2951gary.ethridge@tinker.af.mil Services (8(a) Competitive 15-Sep-15 1-Apr-16

38CYRS

SE-CODE: (Formerly:SCOPE EDGE): The purpose of this procurement

is to provide the 38 Cyberspace Readiness Squadron (CYRS) Scope

EDGE mission with technical support in network compliance

assessment, analysis, performance-tuning, baselining, and

optimizing networks. Tracie Holman (405)734-9731tracie.holman@tinker.af.mil Services TBD by Market Research 1-Oct-15 18-May-16

90IOS

INDS II:Provide subject matter expertise to perform rapid

reprogramming of cyber weapon systems to include: Air Force

Cyberspace Defense (ACD), Cyberspace Vulnerability Assessment-

Hunter (CVA/Hunter), and Air Force Intranet Control (AFINC), with

modular components and payloads for tailored execution

countering mission critical threats. Tony Owens (405)734-9637anthony.owens.7@us.af.mil Services 8(a) Competitive (OASIS) 6-Nov-15 5-Jul-16

90 IOS

SHELTER: ACCAFE & RIDDLES : Services supporting AFOSI and Law

Enforcement Agencies to Counter Enemy Use of Internet and

Scanning/Defending Against BIOS Level Malware and Rapidly

Integrate Technology into AF Weapons Systems. VECTORII : Provide

assistance to the 688th and the 90th IOS in the identification,

detection, and analysis of previously unknown software

vulnerabilities; development or identification of capabilities to

exploit. (OCO/DCO RTO&I) Kirsten Hawley (210)977-5682kirsten.hawley@tinker.af.mil Services (8(a) Compettive) 26-Aug-15 14-Jul-16

UNCLASSIFIED

UNCLASSIFIED

24th AF Cyber Services Forecast

13

Customer Title/Description Buyer/CO Info Phone Email

Procure. Type:

(Services/Constr

uct/Supplies…et

c)

Solicitation Type: (Set-

Aside?)

Anticipated

RFP Date

Anticipated

Need/Award

Date

92 IOS DCRIOS: Network Defense Services Betsy Fanning (405)734-7369elizabeth.fanning@tinker.af.milServices

SDVOSB Set-Aside/ CMMI

Level III 28-Sep-15 14-Aug-16

24AF

24AF/624th Analytical Support: The purpose of this procurement is

to provide the 24 AF Air Forces (AFFOR) staff with technical and

analytical support in areas relating to Command and Control (C2),

planning, implementing, and executing the Air Force Cyberspace

mission, including support to develop and implement tools and

procedures for Net Defense (Net D) and Net Warfare (NW)

operations, and related incorporation of Net Support (Net S) and

Net Exploitation (Net E) support capability and functions. Belinda Gallo (210)925-8515belinda.gallo.2@us.af.mil Services TBD by Market Research 30-Oct-15 30-Sep-16

39IOS

CyOFTS (Cyber Operations Formal Training Support):Augment and

Support Formal Training Unit Instruction Tony Owens (405)734-9637anthony.owens.7@us.af.mil Services TBD by Market Research 25-Mar-16 18-Oct-16

90IOS

CSC (Cyber Simulation Center) Multi-Year (Formerly ACE-IOS):

Provide the preeminent live-virtual-constructive environment to

enable cyber weapons development/fielding and

training/exercising of Airmen operating in the Command and

Control and Cyberspace domains. Kirsten Hawley (210)977-5682kirsten.hawley@tinker.af.mil Services TBD Market Research 7-Apr-16 6-Apr-17

**All information is designed to simply increase understanding of each requirement and could change. Please stay in touch with 38CEIG/SB for latest status**Information with risk to change and/or is unofficial.

UNCLASSIFIED

UNCLASSIFIED

38 CEIG Small Business Programs

• 38 CEIG Small Business Programs Office acts as an industry liaison and tracks future 24th AF Cyber Services opportunities

• 38 CEIG Director, Small Business ProgramsChristopher Hathaway

4029 Hilltop Road, Suite 206

Tinker AFB, OK 73145

E-mail: christopher.hathaway@us.af.mil

Voice: (405) 734-2961

14

UNCLASSIFIED

UNCLASSIFIED

ISR-Cyber-EW IntegrationUNCLASSIFIED

UNCLASSIFIED

Ecosystem of Government, Academia & Industry Leaders