Technology Today - Home
"Warfighters rely upon cyberspace to command and control forces in the 21st century. Revolutionary technology has presented cybercapabilities, which can provide decisive effects traditionally achieved only through kinetic means … Mastery of cyberspace is essential to America's national security. Controlling cyberspace is the prerequisite to effective operations across all strategic and operational domains — securing freedom from attack and freedom to attack. We will develop and implement plans for maturing and expanding cyberspace operations as an Air Force core competency. We will provide decision makers flexible options to deter, deny, disrupt, deceive, dissuade and defeat adversaries through a variety of destructive and non-destructive, and lethal and non-lethal means. Finally, we will do this in friendly cooperation with our professional partners and teammates in other MAJCOMs, Services, COCOMs and U.S. government agencies."

- Maj. Gen. William T. Lord, U.S. Air Force Cyber Command Strategic Vision, Feb. 2008

History — Getting to Cyberspace
The U.S. Air Force has long recognized the electromagnetic spectrum as a domain for warfare. As early as 1942, the U.S. Army Air Corps made use of radar, remotely piloted aircraft, and radio intercept and jamming. The U.S. Air Force's roots go back to the Army Signal Corps, which purchased the very first airplanes for observation. Continuing its leadership in new technologies, the Air Force was the first U.S. government organization to field a network intrusion detection device to help defend its networks at the enterprise level.

Since the reorganization of the Air Force in 1992 dissolved the AF Communications Command, Air Force cyberoperations have grown through various independent efforts. Each major command (MAJCOM) took its own path and created its own policies and procedures for maintaining infrastructure to support communications requirements. As computer networks grew in size, complexity and importance for day-to-day operations, the disparate infrastructures became unwieldy and too costly to manage. MAJCOM networks were managed independently, but were interconnected, causing risks to be shared across MAJCOMs.

In 2004, in an effort to instill common standards and streamline operations, the Air Force created AF Network Operations (AFNETOPS) within the 8th Air Force at Barksdale Air Force Base, La. The 8AF commander also became the AFNETOPS commander and became responsible for securing the AF Global Information Grid (GIG). The Air Force created the AF Network Operations Center (AFNOC) to provide command and control across the AF GIG.

Since creating AFNETOPS and the AFNOC, the advanced persistent threat to the networks has grown, and it became clear that maintaining secure networks would be essential to conducting warfare as well as day-to-day business. It was also clear that an advanced adversary would rely on computer networks as much as the U.S. The ability to disrupt or exploit those networks would be essential in conducting warfare.

In 2006, the Air Force began a more focused effort to establish a warfighting entity responsible for cyberspace operations. This organization began by designating 8AF as AF Cyber Command, responsible for conducting warfighting operations in and through cyberspace. At the same time, Air Force leadership considered various reorganization options, and in October 2008 established a new Component Numbered Air Force (C-NAF), the 24th Air Force, which would be responsible for conducting cyberoperations. The 24AF would be assigned to the Air Force Space Command as the MAJCOM responsible for organizing, training and equipping forces for space and cyberspace operations.

Cyberspace Operations
Cyberoperations are defined as "The employment of cybercapabilities where the primary purpose is to achieve military objectives or effects in and through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid."1 The 24AF would establish, operate, maintain, defend, exploit and attack threat networks in support of Joint Operations. This mission supports Joint Combatant Command needs assigned to U.S. Strategic Command (USSTRATCOM), as defined in the Unified Command Plan (Figure 1).

24th Air Force Organization
The 24AF will be headquartered at Lackland Air Force Base, San Antonio, Texas, where the majority of its forces are currently operating. The C-NAF will be commanded by a major general and will have a command staff of about 100 personnel. The C-NAF will operate a cyberoperations center (CyOC) that is analogous to an air operations center (AOC). The current AFNOC will grow into the CyOC, which will be organized similarly to an AOC with five divisions: Intelligence, Surveillance and Reconnaissance; Strategy; Plans; Operations; and a Cyber Coordination Cell. The CyOC will "establish, plan, direct, coordinate, assess, command and control cyberoperations and capabilities in support of Air Force and Joint Operations."2

The 24AF will consist of three active-duty wings with more than 5,500 personnel: 67th Network Warfare Wing, 688th Information Operations Wing, and the 689th Combat Communications Wing. The Air Force Reserve and Air National Guard will augment this force with approximately 4,500 personnel and aligned units.3

The 67th Network Warfare Wing is headquartered at Lackland Air Force Base, Texas, and has units spread around the world. The Wings' mission includes network operations and security, as well as offensive operations.

The 688th Information Operations Wing will be established by renaming the AF Information Operations Center (AFIOC), currently at Lackland Air Force Base, Texas. The 318th Information Operations Group and the 688th Information Operations Group, both at Lackland Air Force Base, will be aligned to the 688IOW.

The 689th Combat Communications Wing will be established at Tinker Air Force Base, Okla., and will be responsible for establishing, maintaining and defending the tactical networks necessary to support expeditionary Air Force operations. The 3rd Combat Communications Group at Tinker Air Force Base; the 5th Combat Communications Group at Robbins Air Force Base, Ga.; and the 85th Engineering and Installation Squadron at Keesler Air Force Base, Miss., will be aligned to the 689CCW.

Raytheon has committed significant resources through internal research and development projects to explore new tools for insider threat detection, malicious logic detection, network maneuverability, assurance in virtual environments, and many more. Raytheon has partnered with other companies to approach new customers, such as the Defense Cyber Crime Center, with innovative ideas in their mission areas.

Cyberoperations and Battle Damage Assessment
So what is an example of an offensive cybermission? Many examples are classified and cannot be discussed. During the Kosovo conflict, a particular telephone switch being used for command and control was identified and targeted. It was added to the air tasking order to be struck with a kinetic weapon (a bomb), but a cyberalternative was offered. The switch was taken out of service with a sort of "war dialer on steroids" that called every single extension on the switch over and over. This kept the switch constantly busy and no longer a viable command and control tool.

As non-kinetic options are developed, battle damage assessment tools must be adjusted to match the desired effect of the mission. During Operation Iraqi Freedom, a data switching center was targeted and a kinetic strike conducted. A Predator observed a big smoking hole in the roof of the building, but analysis revealed the switch was still operational. A second air strike had to be scheduled.

Establishing the 24th Air Force is just the first step in organizing the Air Force for effective cyberoperations. New cyberdoctrine is being developed and plans have been made to establish a new cyberoperations career field. The Air Force is returning to its roots to move decisively into the future.

1 Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms As Amended Through March 17, 2009.
2 24AF Command and Control of Operations of Cyberspace Forces, May 5, 2009.
3HQ Air Force Program Action Directive 07-08, Change 3, Feb. 20, 2009.