28 May 2016

Mindful of the Snowden effect, the Air Force moves closer to cyber's private sector

May 25, 2016 

The Air Force is reviving its annual information technology conference in Montgomery, Alabama, which has been dormant since 2012 due to budget constraints, and the rebranded event has a new focus on cybersecurity.

Air Force leaders are encouraging airmen and officers with all sorts of job descriptions, not just cyber professionals, to attend and build relationships with their counterparts in the private sector. The reason? So together they can defend America’s networks.

“We want to create a relationship where we are already constantly working together,” said Col. Ronald Banks, vice commandant of Air War College and director of the Air University Cyber College. "If we have to exchange business cards at the time of a catastrophe, we’re so far lost, we are hopeless."

Participants will not be conducting war games, Banks said. Instead, they'll team with civilian cybersecurity professionals who operate in the financial, tech, telecommunications, energy and retail domains. Such collaboration can be a challenge, Banks said, alluding to the hesitation some private entities feel about working too closely with the government. He cited Edward Snowden, the ex-government contractor who leaked classified information about the United States' secretive surveillance programs that leverage data gathered by major telecommunications companies.

"He highlighted the partnership that government had with certain private industries and how, when that once-secret relationship [became] public knowledge, [it] really hurt the financial bottom line of many corporations because of the perception that private industry was partnering with 'Big Brother,'" Banks said. "That doesn't always go over well with customers."

The conference will aim to foster dialogue that could help shape national network protection strategies and compel lawmakers to enacting tougher policies.

"During [a] conference, you get a lot of great speakers who talk on the topic and we tend to just admire the problem," Banks said. "We’re going to go beyond ... and look at how can we bring not just Air Force cyber experts together, but ... other federal government entities, along with specific, private industry partners, to have a discussion about where we are as a nation, where we are defending the nation, defending U.S. critical infrastructure, where could we go in the future, and how can we work together to get to ... whatever that future state is."

Airmen will get a seat at the collaboration table through different breakout sessions and courses. Some of those courses, like the information technology course, will provide professional military or continuing education credits for airmen or civilians already in the cyber-training pipeline, said Dr. Panayotis "Pano" Yannakogeorgos, dean of the Cyber College.

“The plan is to have 50 people in a breakout session, with a core team in the center, ... and other participants around working toward specific researched questions," Yannakogeorgos said. "It’s not just for the 17D or 13S [cyberspace operations officer or space and missile operations Air Force Specialty Codes]. "We want pilots, enlisted folks ... short answer, everyone. It’s open to their interests."

The challenge today is that neither government nor commercial industry can go it alone, Banks said.

"We need to be able to understand what they see. What are the tactics?What are they seeing that [would] help us build a better picture?

"If we’re able to — at the government level — work at denying or defeating those sophisticated threats, that frees up private industry’s bandwidth to contend with the lower level threat in a more effective way. That partnership doesn’t currently exist like that."

By seeing and understanding the objectives of a malicious hacker, Banks explained, the U.S. could craft ways to put pressure on the cyberpunks. Some consequences could go beyond the cyber world, such as imposing sanctions or tariffs on countries that sanction such attacks.

The military-civilian partnership needs to develop a methodology for approaching each specific threat —from countries like China, Iran and Russia, to name a few — but right now no tailored strategy exists, Banks said.

“We have a lot of documents with the word strategy in their title, but they aren’t strategies. Until we actually build a strategy that looks at it this way, then … we’re always going to be shooting in the wind and hoping something works, when we really don’t have a methodology for how to approach each specific threat.”

More than 2,000 people are expected to attend this year's Air University-led conference, from Aug. 29 to 31, according to the AFTIC website. They will leave understanding that this issue isn't just an IT network security problem, but a serious threat to national security, Banks and Yannakogeorgos explained.

"They will head back to their organizations and re-examine what they’re doing," Banks said. "Throughout the next 12 months, as we work toward the next conference, we can work at identifying where ... we can actually evolve our capability to possibly change the paradigm of the malicious cyber actors," Banks said.

"This can also translate into opportunities after the military for these airmen," he said.

Oriana Pawlyk covers deployments, cyber, Guard/Reserve, uniforms, physical training, crime and operations in the Middle East and Europe for Air Force Times. She was the Early Bird Brief editor in 2015. Email her at opawlyk@airforcetimes.com.

No comments: