To help readers better understand the nuances of foreign policy, CFR staff writers and Consulting Editor Bernard Gwertzman conduct in-depth interviews with a wide range of international experts, as well as newsmakers.
The U.S. Air Force is standing up a dedicated command to defend the military’s cyberspace -- that is, its digital, computerized infrastructure. Maj. Gen. William T. Lord, commander of the Air Force Cyberspace Command, says that as the nature of warfare changes, the ability of the U.S. military to detect and defend must change with it. That’s no easy task. "In this business, there are lots of peers because the price of admission is relatively low," Lord says. "Nation-states that don’t have huge armed forces all of [a] sudden can begin to take nefarious activities on other nation-states [that] they wouldn’t have thought of engaging if you think about traditional modern warfare." As enemies turn to cyberspace to wage and win battles, Lord adds, the Pentagon, too, is making cyber warfare an inseparable part of its war-fighting strategy.
The focus on offensive and defensive cyber capabilities is of increasing importance for military and civilian communities. If you could, start out by talking about the Air Force’s Cyber Command structure, the mission of cyber command, and where we are today in terms of its capabilities.
Right now we’re in the nascent phase. We have a hundred and sixty folks who are assigned across about four different bases who are doing this work for me. As a provisional command, I have no forces. I’m not authorized to have any forces. So until this capability goes initial operational capability on the first of October, this really is a virtual command. On the first of October, we will stand up a wing in the electronic warfare business; one in the information operations business; one that already exists in the network warfare business; and the traditional communications electronics wing. As we break this war into establishing the domain, using the domain, and operating in the domain, those will be the forces that we’ll have assigned. Today we are looking at, as I said, about five hundred folks in the headquarters, and that will be a virtual headquarters initially spread around about a dozen different bases. And eventually with the combination of those subordinate units that I just described and the headquarters, about eight thousand people total.
And you’re currently at Barksdale Air Force Base in Louisiana, is that correct?
That’s correct, at Barksdale Air Force Base, the provisional location and the interim location until the Pentagon sorts out exactly what the final location will be. And that’s projected to be announced for the site surveys of the finalists, if you will, at the end of this year, for final announcement sometime next year.
Could you talk a little bit about your current operational focus, the offensive versus defensive capabilities? Is the Air Force Cyber Command strictly limited to protecting the domain that the Air Force operates in, or are you bleeding out to assist other services or the civilian side?
Right now, [we’re] strictly focused on defense of the Air Force domain, strictly focused on defense of the Air Force only. I think that as the command goes to full operational capabilities, they’ll begin to roll in the Air Force offensive capabilities again as we present to a combatant commander depending on what they need and what they want. So we have to develop not only the defenses but develop techniques, tactics, procedures, tools to do the offensive piece. But right now [we’re] focused on defense.
What types of threats are you working to defend against?
It’s everything from [legitimate attacks to something that] looks like an attack, which turns out to be really just somebody putting a new device on a network. So the work now it’s trying to define, being able to define, or be able to separate, the good from the bad, from nefarious, from the criminal, to just dumb insider activity. We had system administrators making a mistake in the network and that’s just as dangerous as an enemy. We shut ourselves down more than anybody else shuts it down.
Have we been attacked?
Depends on what you call an attack. We certainly have had penetrations and we’ve been attacked by ourselves, if you will. If you define an attack as something that degrades your ability, yes we’ve been attacked. Sometimes we’re attacked by ourselves from our own acts of omission versus commission.
Turning as much as you can to the other side of the equation, the offensive side of the Air Force’s capabilities, how good are we? What can we do, what can’t we do, and are we the best out there?
Well, in this business, there are lots of peers because the price of admission is relatively low. With some technologically smart kids you can do a lot of damage. And the difference is this technology only requires you to have a connection and a laptop computer. So as the nature of warfare changes and the price of admission to the fight goes way down, you can have lots more players.
When the price of admission was you had to have an armored/mech division, a flight of F22s, an armada of ships, it was very, very expensive, and most people didn’t play. So the danger is with this kind of warfare, you can get a lot of folks playing who didn’t play before. So nation-states that don’t have huge armed forces all of [a] sudden can begin to take nefarious activities on other nation-states that they wouldn’t have thought of engaging if you think about traditional modern warfare. So I think that will change the state of play. I don’t think it will change in five or maybe even in ten years, but maybe in twenty or twenty-five years.
One of the things that I’ve heard critics talk about is the secretive nature of how operations are conducted, capabilities of the U.S. military and civilian communities. Is there a reluctance to talk publicly about these cyber-abilities, or is it something less sinister?
I would argue that it is less sinister. We don’t want to talk about it because it’s a capability that you don’t want an enemy to know how capable you really are. So it’s operational security, if you will. That’s why you don’t hear us talk about it very much.
We’ve heard in the western media stories of the Chinese reading the U.S. Secretary of Defense’s email. We’ve read about what others are doing to us, but not very often about what we’re doing to them. Is this by design, or should one assume we’re not doing anything?
Where are we in terms of financial support in Washington for cyber command initiatives?
That’s a good question. One of the things I’m required to do, is to develop a program objective memorandum, which is our version of long-term budget [needs]. We’re doing that and working it through the Air Force corporate structure right now. And while not approved yet, it looks like that’ll be about 5 billion dollars per year [for five years]. Not new money, this is existing programs that we are sweeping into one pile that we can now put concentrated force and mass on, to better integrate those cyber efforts. We’ve been doing cyber business for a long time, but we’re not getting all our eggs in one basket so that we can properly focus resources on that problem.
That’s not new money but is that an increase in previous funding level?
No, it is existing programs that are doing cyber today, but they’re spread out all over the U.S. Air Force. What we’re doing is consolidating those.
Finally, why is the Air Force such a good place in the military structure for cyber defenses? Is the Air Force best suited?
I didn’t say we’re best suited as opposed to any other service. I think that within the Air Force we’re so heavily dependent on this cyber domain, that we need to take more actions than we have taken in the past to protect it so that we can use it, we the Air Force can use it when we need to.