Air Force CISO: Adversaries Are Watching You


The new era of enduring cyber conflict has led some within government to remain on guard and lose trust in anyone and everyone interacting with them from behind a keyboard.

“Cyber threats are real. We need to increase the awareness across our entire internal Air Force and across [the Defense Department] to avoid exploitation and reduce risks to ourselves and our missions,” Air Force CISO Peter Kim said in a Jan. 23 speech at the ICIT Winter Summit in Arlington, VA.

The new generation of conflict, which involves malicious cyber espionage and intrusion campaigns, is a wake-up call that anything and everything is fair game to be exploited by adversaries.

“The average military member probably doesn’t think about this every day, but we are being monitored and watched by our adversaries,” Kim said, adding that adversaries will likely read everything they can about the conference he was speaking at to see what people are saying. “If you hold a U.S. government security clearance … you are targets for a malicious cyber activity as a result of the massive OPM breach.”

Furthermore, Kim described an emerging environment wherein personal interactions should always be questioned and vetted. “Even in our personal social media lives we are being monitored. From LinkedIn to Facebook we are being monitored,” he said. “Our adversaries are watching … Be mindful and wary of friend requests from anyone you don’t know. Even attempts to reach out to get to know you or connect for networking, you should all scrutinize every one of those, especially people you’ve never seen or heard from or met. Be mindful of Facebook pages and LinkedIn groups masquerading as official pages like an official F-22 page … where you can share your experiences and war stories and get to know others. Check the sources, ask your colleagues, go that extra mile before accepting.”

Both experts and the intelligence community have warned of robust social media campaigns waged by “trolls” in an attempt to gain compromising information and sow chaos.

“In the nearly 30 years I’ve served in the Air Force both in active duty and civilian capacity, I’ve never seen threats more sophisticated and diverse across all domains from a broad array of nation state and non-nation state actors than I’ve seen today in 2017,” Kim said. “This is especially true in cyberspace where the challenges are evolving faster than anywhere else.”

In 2016 alone, Kim noted that Air Force networks blocked 1.3 billion attempted malicious connections, boiling down to more than 40 attempted intrusions per second.

So how is the Air Force dealing with this complex new environment? According to Kim, by applying a three-pronged approach that focuses on mission assurance: building cyber defense in depth, creating a cybersecurity workforce and acquiring cyber-resilient systems.

Cyber defense in depth must involve a combination of measures, Kim said, as a single approach will no longer provide the most robust defense possible. This involves IT-based defense in depth, resiliency and active defense. Without solid, basic IT defenses, too many strikes will get through for resilient systems to handle. Without good defense in depth, active defense – hunting threats on the network – will also fail because defenders will be overwhelmed and unable to find sophisticated attacks in the massive noise, while resiliency offers assurance against adversaries that will still get in, he said. No defense is completely effective, so resiliency is important; only combining all three approaches will allow for mission assurance and mitigation of threats to Air Force missions.

The Air Force is also providing a variety of initiatives from the academy up to the operational level to build a workforce that understands the terrain, preparing them to fight and win in this new paradigm.

That ranges from the Air Force Academy’s Cyb3rworx program – a focal point for cadets and faculty to discuss their role in and learn about cybersecurity – to the cyber squadron initiative. The latter is transforming communications squadrons into cyber squadrons at Air Force bases to act as the active defense entities at the tactical level of warfare with defense in depth.

Lastly, Kim mentioned the need to acquire new cyber-resilient tools. While this starts with the acquisition process, it also involves continually updating systems, software and patching. The industrial base must also take notice of these changes, Kim said, and alter how it interacts with the government, citing innovation as an example.