Art “Wally” Wachdorf 24 AF/CA 24 AF Operationalizing Cyber Montgomery IT Summit

24 AF Operationalizing Cyber 0900... · 2010-05-22 · 24 AF Mission (USAF’s Cyber Force) 24 AF Mission: Extend, operate and defend the Air Force portion of the DoD network and

Page 1

Art “Wally” Wachdorf

24 AF/CA

24 AF Operationalizing Cyber

Montgomery IT Summit

Page 2

Unclassified

Foundational Principles

• Only operational domain that is man-made

• Physical Domain (A place, Not a mission)

• Where Operations are conducted (Like Land, Sea, Air & Space)

• Integrate operations conducted across domains (don’t integrate domains)

• It’s About Mission Assurance (not Network Assurance)

“Cyberspace is not a mission, it is a place where operations are conducted … and is about assuring the mission, not about assuring the network”

– Maj Gen Dick Webber, AFNS, 20 Nov 09

Page 3

The Battle has Come to Cyberspace

“Make no mistake about it, the fight is on in cyberspace”

- Gen C. Robert Kehler

• Who

  • Individual hackers

  • Organized crime

  • Transnational groups

  • Nation states

WAN Interface Cards

• What

  • Known vulnerabilities

  • Attack applications vice OS

  • DoD contractors (attack seams)

  • Reverse engineer anti-virus

  • “Spear” phishing (targeted)

  • Supply chain

Page 4

24th Air Force

689 CCW, Col Giorlando

688 IOW, Col Skinner

CC, Maj Gen Webber

67 NWW, Col Shwedo

624 OC, Col Diaz

770 ISRG(P), Lt Col Hamrick

Page 5

24 AF Mission (USAF’s Cyber Force)

24 AF Mission: Extend, operate and defend the Air Force portion of the DoD network and to provide full spectrum capabilities for the Joint warfighter in, through and from cyberspace

Mission Assurance for Joint Operations

• Network Operations

• Information Operations

• Combat Communications

• 4,300 Active Duty & Civilians

• Full Spectrum Network Ops

• Maintenance

• 11,000 ARC

Page 6

Establish, plan, direct, coordinate, assess, command & control cyber operations and capabilities in support of Air Force and Joint requirements

624th Operations Center

24 AF/CC

ISR Division (ISRD)

Strategy Division (SRD)

Combat Ops Division (COD)

624 OC/CC

Cyber Coord Cell (CyCC)

LNOs

Stan-Eval (DOV)

Training (DOT)

Combat Plans Division (CPD)

Current 624 OC Personnel: 90 (Military, Civilians)

624 OC FY10 Billets: 196

STO

Sys Support

Operational Orders

• CyOD

• AF-CTO

• CCO

• MTO

Page 7

Communications Cloud

1. Identify critical mission elements and supporting infrastructure

DCGS

AOC

Creech AFB

AF Circuit

Army Circuit

DISA leased circuit

ASIM/IOP

ASIM/IOP

Mission Assurance

Page 8

Communications Cloud

1. Identify critical mission elements and supporting infrastructure

2. Assure infrastructure availability

3. Focus intelligence collection on mission support

DCGS

Creech AFB

Army Circuit

DISA leased circuit

AF Circuit

ASIM/IOP

ASIM/IOP

AOC

2. Hot Back-up

2. Back-up circuit – single point of failure

Intelligence community

3. IC providing mission related Intel

Mission Assurance

Page 9

Communications Cloud

DCGS

AOC

Creech AFB

1. Identify critical mission elements and supporting infrastructure

2. Assure infrastructure availability

3. Focus intelligence collection on mission support

4. Actively defend critical links, information, and infrastructure

Army Circuit

DISA leased circuit

AF Circuit

ASIM/IOP

ASIM/IOP

AOC

4. AFCERT focuses on msn related sensors

4. Hunter teams deploy with sensors to secure and defend

AFCERT

Mission Assurance

Page 10

Strategy Based Architecture

Crown Jewels

• DAL

• TBMCS

• TACC

• JSPOC

• Mission critical systems

Two factor authentication

TPM validation

Comply to connect

Port Identification

Core Systems

• Email

• AF Portal

• MyPay

• Trusted partners

Self Managed Systems

• PMO

• Recruiters

• Red Cross

Access denied

Two factor authentication

IOP IOP

Must Evolve From Perimeter Defense

Virtual Technology

Virtual Technology

Trusted Systems

Page 11

Partnerships

• Seamless integration of Intel and Cyber

• AFISRA and 24AF

• Relationships with National Communities and AF

• AFOSI

• Joint

• Coalition

• Industry

• National Laboratories

Page 12

QUESTIONS?

Page 13

AFNET Macro View

• Standardize / minimize AF Gateways (CITS Blk 30)

• Intrusion Protection System (IOP) at Gateways (Dynamic Defense)

• Intrusion Detection System (ASIM) at each base (known threats)

• Monitor and alert (HBSS) at each machine (CITS Blk 35)

• Cyber C2 weapon system (CCS) (CITS Blk 40)

• Single trouble ticket & IT inventory tracking system

• Theater deployable communication integration

• Move to a single AF forest