全球智库信息集成服务系统

Key Findings

1. Current policies are better suited to simple, stable, and predictable environments than to the complex, rapidly changing, and unpredictable reality of today's cybersecurity environment.
2. Implementation of cybersecurity is not continuously vigilant throughout the life cycle of a military system.
3. Control of and accountability for military system cybersecurity is spread over numerous organizations and is poorly integrated.
4. Monitoring and feedback for cybersecurity is incomplete, uncoordinated, and insufficient for effective decision-making or accountability.

Air Force weapon systems today are heavily reliant on complex software and high interconnectivity to perform their missions. Cyber capabilities enable many of the advanced features (e.g., electronic attack, sensor fusion, and communications) that give the Air Force its edge over potential adversaries. But they also create potential opportunities — and incentives — for adversaries to counter U.S. advantages through cyberattacks. For example, a sophisticated adversary may seek to discover and exploit vulnerabilities in an aircraft's software, supporting systems, or supply chain in order to gain intelligence or to sabotage operations. Nor are the potential risks limited to the newest and most advanced systems: Legacy aircraft, which make up the majority of Air Force inventory, are also exposed to attack from evolving cyber threats and must remain vigilant.