"Warfighters rely upon cyberspace to
command and control forces in the 21st century. Revolutionary technology has presented cybercapabilities, which can provide decisive effects traditionally achieved only through kinetic means … Mastery of cyberspace is essential to America's national security. Controlling cyberspace is the prerequisite to effective operations across all strategic and operational domains — securing freedom from attack and freedom to attack. We will develop and implement plans for maturing and expanding cyberspace operations as an Air Force core competency. We will provide decision makers flexible options to deter, deny, disrupt, deceive, dissuade and defeat adversaries through a variety of destructive and non-destructive, and
lethal and non-lethal means. Finally, we will do this in friendly cooperation with our professional partners and teammates in other MAJCOMs,
Services, COCOMs and U.S. government agencies."
- Maj. Gen. William T. Lord, U.S. Air Force
Cyber Command Strategic Vision, Feb. 2008
The U.S. Air Force has long recognized the
electromagnetic spectrum as a domain for
warfare. As early as 1942, the U.S. Army Air
Corps made use of radar, remotely piloted
aircraft, and radio intercept and jamming.
The U.S. Air Force's roots go back to the
Army Signal Corps, which purchased the
very first airplanes for observation.
Continuing its leadership in new technologies,
the Air Force was the first U.S. government
organization to field a network
intrusion detection device to help defend its
networks at the enterprise level.
Since the reorganization of the Air Force in
1992 dissolved the AF Communications
Command, Air Force cyberoperations have
grown through various independent efforts.
Each major command (MAJCOM) took its
own path and created its own policies and
procedures for maintaining infrastructure to
support communications requirements. As
computer networks grew in size, complexity
and importance for day-to-day operations,
the disparate infrastructures became unwieldy
and too costly to manage. MAJCOM
networks were managed independently, but
were interconnected, causing risks to be
shared across MAJCOMs.
In 2004, in an effort to instill common
standards and streamline operations, the
Air Force created AF Network Operations
(AFNETOPS) within the 8th Air Force at
Barksdale Air Force Base, La. The 8AF
commander also became the AFNETOPS commander and became responsible for securing
the AF Global Information Grid (GIG).
The Air Force created the AF Network
Operations Center (AFNOC) to provide
command and control across the AF GIG.
Since creating AFNETOPS and the AFNOC,
the advanced persistent threat to the networks
has grown, and it became clear that
maintaining secure networks would be
essential to conducting warfare as well as
day-to-day business. It was also clear that
an advanced adversary would rely on computer
networks as much as the U.S. The
ability to disrupt or exploit those networks
would be essential in conducting warfare.
In 2006, the Air Force began a more focused
effort to establish a warfighting entity
responsible for cyberspace operations. This
organization began by designating 8AF as
AF Cyber Command, responsible for conducting
warfighting operations in and
through cyberspace. At the same time,
Air Force leadership considered various
reorganization options, and in October
2008 established a new Component
Numbered Air Force (C-NAF), the 24th Air
Force, which would be responsible for conducting
cyberoperations. The 24AF would
be assigned to the Air Force Space
Command as the MAJCOM responsible for
organizing, training and equipping forces
for space and cyberspace operations.
Cyberoperations are defined as "The
employment of cybercapabilities where the
primary purpose is to achieve military objectives
or effects in and through cyberspace.
Such operations include computer network
operations and activities to operate and defend
the Global Information Grid."1
24AF would establish, operate, maintain,
defend, exploit and attack threat networks
in support of Joint Operations. This mission
supports Joint Combatant Command needs
assigned to U.S. Strategic Command
(USSTRATCOM), as defined in the Unified
Command Plan (Figure 1).
The 24AF will be headquartered at Lackland
Air Force Base, San Antonio, Texas, where
the majority of its forces are currently operating.
The C-NAF will be commanded by a
major general and will have a command
staff of about 100 personnel. The C-NAF
will operate a cyberoperations center
(CyOC) that is analogous to an air operations
center (AOC). The current AFNOC will
grow into the CyOC, which will be organized
similarly to an AOC with five divisions:
Intelligence, Surveillance and Reconnaissance;
Strategy; Plans; Operations; and a Cyber
Coordination Cell. The CyOC will "establish,
plan, direct, coordinate, assess, command
and control cyberoperations and capabilities in support of Air Force and Joint
The 24AF will consist of three active-duty
wings with more than 5,500 personnel:
67th Network Warfare Wing, 688th
Information Operations Wing, and the
689th Combat Communications Wing. The
Air Force Reserve and Air National Guard
will augment this force with approximately
4,500 personnel and aligned units.3
The 67th Network Warfare Wing is headquartered
at Lackland Air Force Base, Texas,
and has units spread around the world. The
Wings' mission includes network operations
and security, as well as offensive operations.
The 688th Information Operations Wing
will be established by renaming the AF
Information Operations Center (AFIOC),
currently at Lackland Air Force Base, Texas.
The 318th Information Operations Group
and the 688th Information Operations
Group, both at Lackland Air Force Base, will
be aligned to the 688IOW.
The 689th Combat Communications Wing
will be established at Tinker Air Force Base,
Okla., and will be responsible for establishing,
maintaining and defending the tactical
networks necessary to support expeditionary
Air Force operations. The 3rd Combat
Communications Group at Tinker Air Force
Base; the 5th Combat Communications
Group at Robbins Air Force Base, Ga.; and the 85th Engineering and Installation
Squadron at Keesler Air Force Base, Miss.,
will be aligned to the 689CCW.
Raytheon has committed significant resources
through internal research and development
projects to explore new tools for
insider threat detection, malicious logic detection,
network maneuverability, assurance
in virtual environments, and many more.
Raytheon has partnered with other companies
to approach new customers, such as
the Defense Cyber Crime Center, with
innovative ideas in their mission areas.
So what is an example of an offensive
cybermission? Many examples are classified
and cannot be discussed. During the Kosovo
conflict, a particular telephone switch being
used for command and control was identified
and targeted. It was added to the air
tasking order to be struck with a kinetic
weapon (a bomb), but a cyberalternative
was offered. The switch was taken out of
service with a sort of "war dialer on
steroids" that called every single extension
on the switch over and over. This kept the
switch constantly busy and no longer a viable
command and control tool.
As non-kinetic options are developed, battle
damage assessment tools must be adjusted
to match the desired effect of the mission.
During Operation Iraqi Freedom, a data
switching center was targeted and a kinetic
strike conducted. A Predator observed a big
smoking hole in the roof of the building,
but analysis revealed the switch was still
operational. A second air strike had to
Establishing the 24th Air Force is just the
first step in organizing the Air Force for effective
cyberoperations. New cyberdoctrine
is being developed and plans have been
made to establish a new cyberoperations
career field. The Air Force is returning to its
roots to move decisively into the future.