OVERALL CLASSIFICATION OF THIS BRIEFING IS: UNCLASSIFIED
24 AF
Technology and Innovations
Brig Gen Mitchel Butikofer
Vice Commander
Mission
“American Airmen delivering full-spectrum, global
cyberspace capabilities and effects for our Service,
the Joint Force, and our Nation”
We Build, Operate, Secure, Defend, Extend, and Engage In, From,
Through Cyberspace to FLY, FIGHT, and WIN for America!
“This is a warfighting HQ and so we will integrate all required Joint Component
Warfighting functions into our Staff--One Staff, One mission. This construct will also
drive improved Offensive and Defensive mission integration.”
Maj Gen Weggeman, Commander
Technology Office (TO) Mission
Mission
To advance technology of Air Force Cyberspace Operations by understanding
the latest advancements within industry, academia, national and services
labs, the Air Force science and technology community and other entities.
Major Projects
Cyber Proving Ground (CPG)
Cyber Multi-domain Innovation Team (CMIT)
AFSPC S&T
Partnerships
Current and Planned Efforts
CPG Summary
• CPG Projects: 18 Active (15 in Discovery/Early Involvement)
• Offensive 7 (7)
• Defensive 7 (6)
• C2/SA 4 (2)
• UNCLASSIFIED Examples:
• ICS protection: evaluating 15 unique protocols to improve CVA/H
• Assessing C2/SA capabilities for data analytics and visualization
• Review available tools to automate threat correlation
• Focus/Way-Ahead
• Current Projects heavy on organic innovation (318th roots)
• Working a few MUAs from external partners (area of growth!)
• Not leveraging industry and academia enough (the ORACLE will help!)
• Strengthening relationships/partnering with ops community
Cyberspace Multi-Domain Innovation Team (CMIT)
• Joint 24 AF - 25 AF team to satisfy component operational needs,
exercising organic resources to tailor capabilities
• Leverage Cyber, EW and ISR platforms & processes—platform agnostic
• Requirements received from air components, CCMDs, and JTFs
• CMIT supports rapid prototype and TTP development/ops demos
• Capabilities go through CFLs & SPOs for sustainment (if necessary)
Other 24th AF/TO Efforts
AFSPC S&T Program
• Drive cyber operational perspective on S&T needs for AFSPC Core
Function Support Plan
• Generate ideas and contribute to annual materiel concepts
Partnerships
• AFRL, MITRE, DIUx, USAFA’s CyberWorx
Current and Planned Efforts
• AT&T; CISCO & Microsoft engineers; ICS/SCADA analysis; Dr. Watson;
TD/TA Summit; AF Innovation Summit
Other 24th AF Tech Efforts
• Automated Remediation and Asset Discovery (ARAD)
• Joint Regional Security Stack (JRSS)
• Enclave Control Node and Enclave NIPR Firewall & ASIM
Sustainment Modification (ENFAAS)
Automated Remediation & Asset Discovery (ARAD)
IOC Declared: 15 Dec 2016
• Provide a real-time, standardized, simplified architecture/solution for rapid and automated
Network Operations and Defensive Cyberspace Ops
• Implemented on 500K+ endpoints
• Plain language queries; Responds with current data in 1-15 minutes
• Automate Vulnerability Management (Patch Compliance)
• Achieved 99.7% success rate on managed endpoints
• Implemented 8 hour refresh automatically remediating managed endpoints
• Building automated cyber scorecard status
• Defensive Cyberspace Operations (DCO)
• Zero-Day responses across the enterprise in minutes
• 1,500 Indicators of Compromise developed and operational
• Way Ahead
• SAF/CIO will mandate ARAD on all endpoints across AFIN
• Implement on all AFNet endpoints (includes Functional/Mission Systems)
• Implement ARAD on all AFNet-S endpoints
Joint Regional Security Stack (JRSS)
• Provide a next-generation, standardized, enterprise defense-in-depth and consolidated
Cyberspace Control for Department of Defense Agencies
• Region-based stacks built out across the US, Army and Air Force migrating
• Defense Information Systems Agency sustains & maintains stacks for Services
• Phase-based rolling capability installs
• Deliberate planning for capabilities to be rolled into the stack as available
• V 1.0 met Army needs, V 1.5 met USAF needs, V 2.0 in engineering/planning
• All DoD to migrate, bases moving as US regions finish, overseas installs starting – new installs at latest version,
old stacks upgraded on schedule
• Automated Failover and Routing
• 2 stacks per region, 2 “sides” per stack, bases can re-align to any working stack (cross region) – ensures
connectivity through catastrophic failures
• Management & Control of stack also fails over and has multiple pathing options
• Way Ahead
• Continue USAF migrations to US regional stacks, sharpen new ops processes
• Awaiting installation and certification of overseas stacks for migration
Enclave Control Node and Enclave NIPR Firewall & ASIM Sustainment Modification (ENFAAS)
Planned Completion: 30 Sep 2016
• Replace End-of-Life & End-of-Support Sidewinder Firewalls with Next-Generation
Palo Alto Firewalls
• Replaces Active Duty & Air National Guard firewalls – 2 different architectures
• Provides new capabilities, sustainment & lifecycle management for base boundary
• Next-Generation Boundary Defense
• Upgrade from mid-2000s firewall to current hardware solution/capabilities
• Module-based upgrades – as the vendor develops solutions, we can integrate them
• Builds Automated Security Incident Management (ASIM) into Boundary
• Automated classification of network events for operator review
• Reduces workload by consolidating number of devices needed for previous ASIM solution
• Way Ahead
• Air Force Life Cycle Management Center providing “turn-key” solution
• Plan for Operational Test and Evaluation to ensure operators can use system
• Commence installs Mar/Apr 17
Other 24th AF Efforts
• Joint Force Headquarters – Cyber (JFHQ-C)
• Director of Cyber Forces (DC4)
• Cyber Security Services Provider (CSSP)
Multi-Domain C2 DNA
• Cyberspace Operations C2 DNA is maturing rapidly
JFHQ-FWD is the full-spectrum cyber integrator with supported CCMD
[Organization chart; node labels: USCYBERCOM, J3 / JTF ARES, JFHQ-Cyber, AFCYBER, CMTs, CSTs, CCMD, JCC/J3, JFHQ-FWD (OCO/DCO), Air Component, DIRCYBERFOR, NKDO Shop, DIRSPACEFOR, USAF 39 IOS; link label: OCO General Support To CCMD]
DIRCYBERFOR
• Plans, Coordinates, Synchronizes full spectrum cyber ISO CFACC
• Fully integrated into AOC Divs
• 7 personnel: Dir +6

• FWD extension AFCYBER
• Plans, Coordinates, Synchronizes full spectrum cyber ISO CCMD
• Approx 45 ppl for Geo CCMD
DIRCYBERFOR
Key Organize, Train and Equip Tasks
• Resource 39 billets (& grades) for FY18 implementation
Spread throughout the AOCs
USAFE/AFCENT/PACAF/AMC
• Publish the Operations Concept
• Identify training: AOC, AFCYBER, USCYBERCOM and
CCMD
• Incorporate cyber operations in AOC schoolhouse
training
Key Conceptual Points
• Establishing internal and external relationships must be
the starting point for the DC4
• Leverage best practices from DIRSPACEFOR/
DIRMOBFOR constructs, but look at innovative solutions
• Standardization of the general concept is necessary, but
flexibility in execution is expected
• DC4 successes from BLUE FLAG, PACIFIC SENTRY,
ULCHI FREEDOM GUARDIAN and VIGILANT SHIELD
should be incorporated into real-world operations
One-stop Shop for Integrated Full-spectrum Cyber Effects
CFACC
AOC/CC
Strategy Div
Combat Plans Div
Combat Ops Div
ISR Div
Air Mobility Div
DC4
• (2) 17S O-3/4 or 1B4 E-6/7
• (1) 17S O-3/4
• (1) 17S O-3/4 or 1B4 E-6/7
• (1) 14N / O-3/4
• (2) 1N4X / E-5/7
CSSP Responsibilities
Listed below are the CSSP tasks the 24th AF manages.
Protect / Detect / Respond / Sustain
• Vulnerability Assessment & Analysis
• Vulnerability Management
• Malware Protection
• INFOCON/CPCON
• Information Security Continuous Monitoring
• Insider Threat
• Warning Intelligence
• Attack Sensing and Warning
• Cyber Incident Handling
• Program Management
• Personnel
• Security Administration
• Service Provider Information Systems