Cyber’s role in Air Force’s premier training exercise: Red Flag

snagfilms-a.akamaihd.netradar-red-a67bdede1fe2a779da1cf9e81145ebe448c6da4d-1.jpg

As the old adage goes, practice like you play. As such, cyber forces have become an integral part in the Air Force’s premier realistic combat training exercise typically held four times each year.

“We are bringing the non-kinetic duty officers into the fight at Red Flag,” Lt. Col. Neal, chief, current operations, 25th Air Force, said. “These experts in ISR and cyber warfare are the newest weapons in our command and control arsenal.”

Neal stressed the importance of bringing non-kinetic elements to the fight as the services are transitioning to multi-domain battle. “The new face of warfare includes land, sea, air, space and cyber,” he said.

Air Force cyber teams have been integrated in Red Flag since 2009, a spokesperson from 24th Air Force said. The Air Force’s cyber element is made up of personnel from both 24th and 25th Air Force. Personnel from 25th Air Force provide cyber intelligence, surveillance and reconnaissance while personnel from 24th Air Force provide cyber operations and effects resulting in a 60/40 split of personnel from each numbered Air Force, respectively, to make up the roughly 1,700 AFCYBER workforce.

Cyber forces began in 2009 with a small contingent of 57 information aggressor squadron teams acting as red teams against operators in the Combined Air Operations Center at Nellis, the spokesperson said via email. Defensive cyber teams were then added.

Cyber mission teams, whose role is to defend the nation from cyberattacks, were added in the 2014-2015 timeframe to conduct full spectrum operations, integrating non-kinetic effects with kinetic operations and working with coalition partners. For example, in 2015, the Air Force looked at how to defend a s upervisory control and data acquisition, or SCADA/industrial control system at Red Flag, the 24th spokesperson said.

Defensive and offensive teams operate remotely from their home stations as well as at Nellis, where the main event is held, Jose Delgado, cyber-ISR subject matter expert at 25th Air Force said. Members from 24th Air Force, operating from Lackland Air Force Base in Texas, operate and defend the Air Force Information network at the CAOC-Nellis while offensive cyber operations executed from 24th and 25th cyber mission teams are executed at home station and Nellis.

Offensive teams work to infiltrate networks and disrupt data, Delgado said, representing adversary forces Blue teams must defend against.

Aside from the role of Cyber Command, each service has cyber components to address inherent challenges for their respective missions. The Air Force is no different.

“There’s a clear recognition that our service needs an organic cyber capability to get after much of what Cyber Command … just doesn’t have the bandwidth to do or simply not in their charter, and it’s critical [to the] Air Force,” Air Force CIO Lt. Gen. William Bender said.

This organic capability revolves around the Air Force’s five core missions – air and space superiority, intelligence, surveillance and reconnaissance, rapid global mobility, global strike and command and control – and focuses on mission-specific tasks in the air domain. CYBERCOM, Bender said, is concerned with big problems and high-end warfare, such as protecting missile defense systems and air defense systems and assuring the nuclear enterprise and space enterprise.

Red Flag is now used to validate training objectives for cyber mission force teams at Cyber Command. Each individual and team must meet certain training objectives in order to be validated at initial and full operational capability. The CMF reached initial operational capability in October, though slightly behind schedule.

The CMF is slated to reach FOC at the end of 2018.