[ISN] Red Flag cyber operations: Part II - Cyber operators stand against red team 'aggressors'

From: InfoSec News <alerts_at_private>
Date: Mon, 14 Mar 2011 00:06:26 -0600 (CST)
http://www.afspc.af.mil/news/story.asp?id=123246419

By Tech. Sgt. Scott McNabb
24th Air Force Public Affairs
3/11/2011 

NELLIS AIR FORCE BASE, Nev. -- It's not supposed to be easy.

For the first time in Red Flag exercise history, cyber and space 
operators are a fully integrated part of the friendly forces "blue team" 
that defend the interest of the United States and her allies against the 
aggressors of the "red team."

"It's imperative that our operators are faced with difficult scenarios. 
The intent is that they learn from the high pressure scenarios to 
rapidly and deliberately integrate their unique skills and capabilities 
with air and space forces to better prepare them grow as cyber operators 
and as leaders," said Col. Mark Ware, 24th Air Force director of 
operations. "When the other Airmen participating in Red Flag see the 
impact on flying and space operations with and without cyber support, 
they should better understand what their cyber teammates bring to the 
fight and how we can all work together to defeat our adversaries."

Initial results from the realistic combat training exercise indicate the 
blue team's cyber operators made it through early struggles to reach 
mission success and, in some cases, shut down various red team 
capabilities before they were employed.

"The way I see it, in ancient Greek or Roman times, warriors wore 60 to 
70 pounds of armor," said 2nd Lt. Louis Murphy, who belongs to the 33rd 
Network Warfare Squadron, but served as commander for the blue team, 
working out of the Information Operations range, located at Lackland Air 
Force Base, Texas. "Today in Iraq and Afghanistan, they also wear about 
60 to 70 pounds of body armor. It's a lot better armor, but it's never 
perfect. The same is true for cyber. No matter what program you have, it 
won't be perfect. You adjust and get better."

Red team's cyber aggressors are formidable and push the blue team to 
their very limits. Elements of Red Flag's cyber red team include:

   - Detachment 2, 318th Information Operations Group, charged with 
     creating an exercise scenario that will allow for realistic cyber 
     play and integration with standard kinetic operations;

   - The 57th Information Aggressor Squadron provides the cyber targets 
     for U.S. Air Force cyber warfighters;

   - The 177th Information Aggressor Squadron, Kansas Air National 
     Guard, is the sister squadron to the 57th IAS.

These units along with some individual Reserve Airmen provide a wide 
breadth of opposition for the blue team to lock horns with.

Capt. Christian Fisher, Det. 2 Exercise Flight commander, said he and 
others worked on scenarios for months to optimize the training 
experience.

"It is important for cyber operations to be included in Red Flag so that 
members of the cyber community can plan and execute a mission alongside 
the air and space operations communities," said Captain Fisher. "Without 
integrating those three, no one outside the cyber community is ever 
going to know where cyber operations are going to be beneficial because 
they will have no idea what the cyber community is capable of. In order 
to make cyber operations as effective as they can be they need to be 
integrated with air and space operations, and the first step of that 
integration is participating in large force exercises like Red Flag 
where non-cyber operators can see what cyber brings to the fight."

"Seamless integration of joint operations is the ultimate goal for these 
new efforts in Red Flag," said Maj. Gen. Richard Webber, 24th Air Force 
commander. "We are elevating the level of training to new heights, in 
order to learn how to best employ our operational forces to achieve 
desired effects for the joint and coalition teams."

Captain Fisher said the impact of including cyber operations in Red Flag 
is that it allows for more solutions to the tactical problems that are 
presented to the exercise participants.

"In some cases cyber operations may allow for a similar but less 
persistent effect on a target set than dropping a bomb, which may be 
more beneficial in the long term depending on what the desired end state 
is," he said. "It's really how Red Flag continues to be a premier 
training event for the Air Force even as the operational environment 
changes based on the evolution of technology."

Maj. Frank Lyons, 57th IAS team chief, gave an example of a possible 
scenario his red aggressors would test the blue team with.

"We (the red team) set up a cyber café where a terrorist is uploading 
the latest propaganda video to a server so all his buddies can see it," 
he said. "The blue forces would do something to either prevent the video 
from being seen, or to prevent the terrorist from having Internet 
access."

Each cyber aggressor team varies in size according to the mission. For 
Red Flag 11-3, there are 24 team members operating as the adversary.

Maj. Drew Bjerken, 177th IAS Weapons and Tactics Flight commander and 
overall Red Flag 11-3 red team mission commander, said he looks forward 
to presenting a cyber adversary that is reactive and in some cases 
aggressive rather than only providing targets as in years past. The 
majority of the red team offensive cyber operators come from the 177th 
IAS while the majority of the red team defenders belong to the 57th IAS.

"Allowing red to go offensive presents blue net defenders their first 
opportunity to integrate so deeply into Red Flag," said Major Bjerken. 
"This integration is key, as Air and Space Operations Centers commanders 
know what to do when they are under attack by air or ground forces, but 
often they are unaware of how to react and what needs to be done when 
under attack by cyber forces."

Chief Master Sgt. Kevin Slater, 24th Air Force command chief, said 
operations integration may be the most important success story of this 
exercise.

"Cyber's integration into Red Flag is as much about educating our air 
and space teammates on the critical mission assurance attributes of 
cyber as it is an opportunity to further our efforts to operationalize 
the cyber domain and the cyber warriors who operate in it," he 
explained.

Cyber operators taking part in Red Flag didn't happen overnight. Captain 
Fisher said he, personally, has been integrating cyber operations into 
U.S. Warfare Center exercises, to include Red Flag, for two years now. 
He said Det. 2, 318th IOG has been doing this for almost six years.

"This was the next logical step as we continue to mature Air Force cyber 
operations. We are building a "Culture of Cyber" in the Air Force, 
structuring cyber training in the model of air and space operations 
training," said General Webber. "Red Flag is the best tactical exercise 
in the world and adding cyber to the 'fight' made sense because the 
cyber domain is integral to the Air Force's ability to fly, fight and 
win. Our operators are getting right alongside their air and space 
counterparts, testing their abilities in realistic wartime situations. 
This will make Red Flag more realistic and train our Airmen to make the 
right decisions when things get tough."

Captain Fisher said a successful exercise is one where the participants 
learn something. He wants cyber operators to walk away from this 
exercise with a better understanding of operations outside of the cyber 
community, based on their interaction with everyone else during this 
exercise.

"I think the biggest area for improvement for the cyber community is 
going to come from the lessons that we learn in running the command and 
control of cyber operations within the AOC," he said. "Currently there 
exist a handful of theories on how to best integrate and control cyber 
operations within the AOC; this will be one of the first exercises where 
we will be executing operations based on some of those theories. When 
the exercise is done, we should be able to walk away with a much clearer 
understanding of where cyber operations fits into the AOC structure and 
what the best way to C2 cyber operations within the AOC is."

The final week of Red Flag 11-3 is underway and cyber inputs will add 
the crescendo to this unique exercise. General Webber said he looks 
forward to studying the results of the exercise, and is thankful the men 
and women in cyber operations will be able to take their experiences 
back with them.

"The red team is truly testing the skills of our blue team members, but 
the blue team continues to counter the attacks and strengthen the 
defense," he said. "As tactical cyber involvement grows within Red Flag 
and more of our operators get the opportunity to take part in the 
exercises, we will create a more seasoned, battle-ready cyber force. I 
hope that our cyber, space and air operators all come away from this 
exercise with an appreciation for each other's missions, and bring back 
to real-life operations a sense of how to better coordinate and 
integrate for greater operational results."

(Editor's Note: This is the second story in a series about Air Force 
cyber operators taking exercise inputs in Red Flag.)


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Sun Mar 13 2011 - 23:06:26 PDT

This archive was generated by hypermail 2.2.0 : Sun Mar 13 2011 - 23:09:56 PDT