全球智库信息集成服务系统

• The ability of a wing-level organization to survive and operate when under cyber attack is fundamentally a mission assurance problem, not a cybersecurity problem.
• It is complicated by the complexity of the cyber environment and the lack of actionable feedback on what works and what does not.
• Nearly any system can be attacked, so nearly every mission element is susceptible.
• Exactly how to make operations robust to cyber attacks is an unsolved problem; wings need to continuously learn and adapt as the cyber landscape continuously evolves.
• Cyber mission assurance tasks should be apportioned among all units within a wing, not assigned to one unit.
• All cyber mission assurance tasks need to be done during peacetime and wartime. To be effective during the worst attacks, strategies must be able to meet wartime needs.
• Each wing-level organization needs a detailed understanding of its mission structure.
• Training for cyber terrain mapping of wing-level missions needs to represent the types and complexities of real missions.
• Intelligence organizations might not have the necessary resources to support an increase in demand from MDTs.
• The focus of management at the wing level should be those aspects that it knows best and for which the ability to adapt when under attack exists only locally.
• The ultimate responsibility for cyber mission assurance in a wing lies with the wing commander, who must know how to use MDTs, what roles to assign to other individuals and units within the wing, and how to foster the right culture.

Military systems and operations have become increasingly dependent on interconnected electronics and data. As that dependence grows, so too does the need for mission assurance in the face of adversarial operations through cyberspace.

A key nexus for mission assurance lies at the organizational wing level (wings, deltas, and Air Operations Centers), where operational and support activities come together to produce Department of the Air Force missions. Wing-level organizations need to assure their missions despite cyber attacks, but current initiatives to empower wings to this end are in their infancy.

The authors of this report recommend workable, effective strategies for how the Department of the Air Force can better organize, train, and equip to this end. They focus on four strategic lines of effort: to defend the wing's systems; to respond to and recover from cyber incidents; to maintain resiliency of the wing's missions when systems fail; and to maintain sufficient situational awareness to make decisions to accomplish defense, response and recovery, and resiliency.

More specifically, the authors discuss tasks for each of these strategies and identify current deficiencies, along with potential remedies, in each task group. Not every task can be done at the wing level, but the wing will play key roles in each. The authors discuss which roles should be performed at the wing level and which should be performed elsewhere. They also offer recommendations regarding the best use and constitution of Mission Defense Teams (MDTs), whose goal is to assist wing-level commanders in maintaining mission assurance.

• Chapter One

  Background

• Chapter Two

  Empirical Observations at the Wing Level

• Chapter Three

  Recommendations for Mission Assurance at the Wing Level

• Chapter Four

  Managing Cyber Mission Assurance at the Wing Level

• Appendix

  Wing-Level Interview and Analysis Methods