New Air Force cyber doctrine stresses resilience
The directive from Air Force Secretary Deborah Lee James instructs cyber operatives to fight through digital onslaughts from adversaries.
A new Air Force directive makes clear that the service's cyber operatives are expected to keep networks running in the face of hacking attacks.
The Air Force shall "develop weapons systems, capabilities, and [tactics, techniques and procedures] to 'fight through' enemy offensive cyberspace operations to ensure continued mission assurance in hostile cyber environments," Air Force Secretary Deborah Lee James declares in the directive.
The April 12 document tasks Air Force personnel with "fully exploiting the man-made domain of cyberspace" to support Air Force missions.
The instruction shows how the Air Force is adapting its organizational structure to a domain that shapes operations from beginning to end. The sweeping instruction covers all Air Force IT systems and infrastructure.
The new policy also highlights the power of select officials: the service's deputy chief of staff for operations, for example, is charged with both developing policies for defensive and offensive cyber operations, and with integrating intelligence and cyber operations.
The directive wants both greater data sharing and enhanced security -- and apparently assumes that any tension between those goals in manageable.
"Data, information, and IT services will be made visible, accessible, understandable, trusted, and interoperable throughout their lifecycles for all authorized users," the document says.
An accompanying directive covering "information dominance governance and management" lays out how the Air Force will align various cyber programs and capabilities. That memo also instructs personnel to test and evaluate all IT for interoperability and, "as necessary, determine tradeoffs among mission effectiveness, cybersecurity, efficiency, survivability, resiliency and IT interoperability."
Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, welcomed the release. Military cyber doctrine "has become one of a number of significant policy areas in which [the Obama] administration is demonstrably 'more transparent' than its predecessors," Aftergood wrote in a blog post about the directive.
Former cybersecurity specialists in the Air Force have called on the Pentagon to be more transparent in declassifying discussions of cyber doctrine.
The National Security Agency has the last word on the classification of certain cybersecurity-related information. A new memo from the Committee on National Security Systems, a government body chaired by DOD CIO Terry Halvorsen, reminds agency heads that they need to consult with NSA when developing classification guides for information on the cybersecurity of national security systems.