The Air Force Has a New Cyber Security Defense Plan

Adversaries who want to steal American data should beware.

The Air Force is refining new cloud-oriented cybersecurity technologies to safeguard vulnerable data networks and strengthen defenses against increasingly sophisticated AI-enabled cyber attacks.

Air Force cloud migration, designed to reduce the hardware footprint, broaden data access and improve combat interoperability, is being paired with technical upgrades intended to keep pace with fast-evolving cyber threats. These include multi-factor authentication, software-defined network upgrades, new patches and cyber defenses that draw on recent AI innovation.

“In preparation for the cloud migration process, we put systems through intense scrutiny and analysis to determine how and if they should be modernized to meet the needs of a new Digital Air Force,” Maj. William “Bryan” Lewis, Air Force spokesman, told Warrior Maven.

Lewis added that emerging security approaches will “deploy tools, tactics, and techniques to counter AI as well as conventional cyberspace attack methods.”

AI-driven cyberattacks present a new sphere of risk for data networks: they can launch a very large number of attacks at once and, of greater consequence, find vulnerabilities faster, because they can gather, interpret, organize and analyze information about a network's defenses.

Among other things, migration to the commercial cloud removes barriers to combat-relevant information sharing in real time by reducing a need for stovepiped servers and networks -- and instead enabling instant access across otherwise disparate networks, databases and information systems.

For example, cloud access could allow an Air Force pilot to access needed additional intelligence to inform targeting, mission planning or other time-sensitive information. By extension, utilizing AI would not only facilitate rapid access to otherwise separate networks and hardware systems, but also perform real-time analytics designed to organize and deliver information against historical volumes of data. This, naturally, massively streamlines mission effectiveness.

“The Air Force is benefitting from a reduction of operations complexity and the costs associated with moving to commercial cloud solutions. From a combat operations vantage point, getting to the cloud means the Air Force is less impacted by points of failure,” he explained.

In effect, Lewis here refers to what might be called a double-edged sword: cloud migration brings both security advantages and challenges. The cloud can improve resilience because many nodes remain operational and accessible if one particular entry point is compromised. Yet a single point of entry, once breached, may expose a wider swath of information to an attacker. Cloud migration can also draw on protective measures that extend far beyond perimeter security and, thanks to virtualization, patch, protect or upgrade entire networks with a single fix.

An interesting 2012 essay, called “Addressing Cloud Computing Security Issues,” seems to anticipate this evolving predicament, namely that maximizing access through cloud applications can accentuate vulnerabilities. However, the essay, published in the journal “Future Generation Computer Systems,” also states that the “homogeneous resource pooled nature of the cloud” can allow security procedures to be applied far more widely.

For instance, the point raised in the essay aligns with some of the concepts inspiring DoD’s accelerated cloud migration and move to Windows 10. Underway now for several years, the Pentagon’s ongoing move to Windows 10 is, by design, intended to enable networks to quickly access the most current patches and security "fixes" made necessary by emerging threats.

“One of the biggest risks is an unpatched old windows server in the cloud. The cloud is, by nature, characterized by accessibility...you can access it anywhere…. which creates the challenges,” Sean Frazier, Federal CISO, Duo Security Business Unit, Cisco, told Warrior Maven in an interview.

Also, when it comes to cloud operations, growing use of AI and automation can lead toward more real-time analytics, identifying anomalies more quickly and reaching entire networks quickly with new virtualized, or software-driven security enhancements.

As part of an aggressive effort to address challenges associated with cloud-migration, the Air Force has stood up specialized “Cyber Squadrons,” trained units established to help the service identify threats, train with new defenses and help foster improved “cyber hygiene.”

Current techniques include greater use of encryption, stronger passwords and “dual” or “multi-mode” authentication (more commonly called two-factor or multi-factor authentication) engineered to better protect network access. The Cyber Squadrons, created a few years ago, are now accelerating a specific focus on recognizing and thwarting automated attacks and AI-empowered intrusions.

A large percentage of successful intrusions, according to most available research, result from stolen credentials, hacked passwords and other kinds of identity-oriented access breaches. Therefore, not surprisingly, identity and user authentication technologies are on a fast track to leverage cloud advantages without compromising security.

“Most attackers are attacking user credentials,” Frazier said.

Many leading industry cloud developers, such as Cisco Systems, are seeking to address these challenges through “zero trust” cybersecurity verification approaches. These techniques strengthen protections through multi-layered authentication procedures intended to thwart intruders and ensure safe access. Describing the need for what he called “elastic” security, Frazier emphasized that multi-mode authentication can be engineered with the technical flexibility needed as threats change.

“Zero-trust network means not trusting anything inherently and, for instance, not trusting traffic just because it comes from a particular network,” Frazier said.

There are a variety of methods to introduce “secondary authentication,” Frazier said, which can include biometrics, thumbprints, messaging, texting or security questions, among many other things.

Cisco’s approach, engineered to “bake in” cloud-specific security protocols at the earliest point in the technical development process, is entirely consistent with written comments from the Navy’s Cyber Security Director in an Oct. 2018 Navy essay called “Cybersecurity in the Cloud.” The essay, by Rear Adm. Danelle Barrett, explains that when the “cybersecurity piece is built into the development and fielding process in the cloud from the onset….it improves protection of information.”

“Zero-trust” strategies, requiring additional measures of verification, can also help create secure “data separation” within the cloud, according to an essay in “Information Age” titled “How to Approach Cloud Computing and Cyber Security in 2018.” The text states that the best cloud-based apps “can guarantee that the data is separated based on the role of each person that has access to the cloud.” Secured corridors or areas of access within the cloud itself, based on data separation, could ensure broad availability yet also increase security.

Multi-mode authentication security strategies are also intended to strengthen defenses against automated attacks, some of which use algorithms generating 1,000 attempts per minute. Without the requisite multi-faceted credentials and verifications, thousands of rapid, computer-generated attempts may yield few results.
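As an added illustration of the secondary-authentication point Frazier makes above and of why an automated, stolen-credential attack gets so little from it, the following Python is example code written for this page (not Air Force, Cisco or Duo code). It implements the standard RFC 6238 time-based one-time password as the second factor, then replays a stolen password 1,000 times, once against password-only login and once against login that also demands the code. The password, the base32 TOTP seed and the timestamp are constructed values for the demo.

```python
"""Second factor (TOTP) versus an automated stolen-credential attack.

Added example, not code from the article or any vendor it names. The
password hash, TOTP seed and timestamps below are constructed for the demo.
"""
import base64
import hashlib
import hmac
import struct

# Constructed demo credentials (assumptions for this example only).
DEMO_SECRET_B32 = "JBSWY3DPEHPK3PXP"  # base32 seed an authenticator app would hold
DEMO_PASSWORD_HASH = hashlib.sha256(b"correct-horse").hexdigest()
DIGITS = 6


def hotp(secret_b32, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret_b32, now, step=30):
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, now // step)


def verify_totp(secret_b32, code, now, step=30, window=1):
    """Accept the current step plus/minus `window` steps to tolerate clock skew.

    Rejects malformed input before comparing, and compares in constant time.
    """
    if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
        return False
    counter = now // step
    return any(hmac.compare_digest(hotp(secret_b32, counter + d), code)
               for d in range(-window, window + 1))


def password_ok(password):
    """Constant-time comparison of the submitted password's hash (demo hashing only)."""
    return hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(),
                               DEMO_PASSWORD_HASH)


def login_password_only(password):
    """Single-factor login: a stolen password is sufficient."""
    return password_ok(password)


def login_mfa(password, code, now):
    """Two-factor login: the second factor is required even when the password is right."""
    return password_ok(password) and verify_totp(DEMO_SECRET_B32, code, now)


def automated_attack(stolen_password, now, attempts=1000, start=0, mfa=True):
    """Replay a stolen password `attempts` times with sequential 6-digit code guesses.

    Returns how many attempts the server accepted.
    """
    hits = 0
    for i in range(attempts):
        guess = f"{(start + i) % 1_000_000:06d}"
        if mfa:
            hits += login_mfa(stolen_password, guess, now)
        else:
            hits += login_password_only(stolen_password)
    return hits


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    print("legitimate login:", login_mfa("correct-horse", totp(DEMO_SECRET_B32, now), now))
    print("1000 attempts, password only:", automated_attack("correct-horse", now, mfa=False))
    print("1000 attempts, password + TOTP:", automated_attack("correct-horse", now, mfa=True))
```

With the password alone, all 1,000 automated attempts succeed; with the code required, at most the three codes valid inside the skew window could ever match, and 1,000 sequential guesses out of a million almost never land on one. Real deployments add rate limiting and lockout on top, so the attacker never gets to make 1,000 guesses in the first place.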

The growing promise of these kinds of cloud-oriented security protocols is prompting a large consortium of industry developers to speed up both cloud migration and cloud-based security technologies. The project, called “Mission Mobility,” is intended to increase the speed at which commercial cloud benefits can be realized while keeping pace with ever more innovative types of attack. The Mission Mobility effort involves a handful of tech giants including Cisco, Amazon and Apple, among others.

This article by Kris Osborn originally appeared in DefenseMaven in 2019.

Kris Osborn previously served at the Pentagon as a Highly Qualified Expert with the Office of the Assistant Secretary of the Army - Acquisition, Logistics & Technology. Osborn has also worked as an anchor and on-air military specialist at national TV networks. He also has a Masters Degree in Comparative Literature from Columbia University.
