Wednesday, October 27, 2010

AF Cyberspace Doctrine and ICS Security

Thanks to the folks over at I was directed to a copy of a relatively new US Air Force doctrine manual, Cyberspace Operations, AFDD 3-12. As with most doctrine-type manuals, it is full of flowery language describing generalities about warfare. Not much there for cyber security in general or chemical facility security specifically. However, there are a few items of interest to our communities.

AF Support for Domestic Operations

There has been much made of the recent DHS-DOD memorandum of understanding about cybersecurity operations in the US. There are elements within this country that greatly fear any US military operations within the United States as a major threat to civil liberty. This doctrine manual very briefly addresses domestic operations (pgs 36-7).

The Air Force does little to defuse the concerns noted above when it says:

“Attack and exploitation operations in an HD scenario may involve complex legal and policy issues; however, these issues do not prevent the application of attack and exploitation operations for HD, but temper it.”

Taken out of context this sounds disturbingly like a willingness to use ‘cyber forces’ against US civilians. Terms like ‘attack and exploitation operations’ raise red flags and provide a shot of adrenaline to anti-government radicals. It is typical that a military writer would not recognize the emotionally laden connotation of those words. It certainly would have been less loaded to say ‘Cyberspace operations’ instead of ‘Attack and exploitation operations’.

Reading further on the same page, we see a more reasonable clarification of what types of operations the Air Force would conduct, and under what control, in defense of the homeland.

“Properly implemented cyberspace operations support defense of the homeland. When a domestic incident occurs, the escalation processes inherent in civil support procedures are implemented. A non-DOD civilian agency is in charge of civil support incidents, and military assistance is provided through a relationship similar to direct support, as articulated in civil support agreements and the Standing civil support EXORD [Executive Order]. In all cases, the Air Force is prepared to support homeland operations through intelligence and information sharing within the appropriate legal framework.”

They then go on to describe efforts that the Air Force undertook to re-establish ‘cyberspace infrastructure’ after Hurricane Katrina:

“Based on their expertise for establishing the cyberspace domain, Air Force combat communications groups deployed throughout the Gulf region to reconstitute the cyberspace domain and allow military and US government organizations to communicate and be connected for situational awareness and C2 [command and control].”

Ten Things Every Airman Must Know

One of the things that this document makes very clear is that everyone in the Air Force has an important role to play in cyberspace operations, regardless of the command in which they serve. The Air Force has always been a very technology-oriented organization, and that has never been more true than today. It is important for everyone in the Air Force to understand that they have an individual responsibility for defending their local piece of cyberspace.

While this is apparent throughout the document it is specifically addressed in Appendix A, Ten Things Every Airman Must Know (pg 39). This list could easily be adapted by any company to apply to all of their employees. With that said, here is the Air Force list.

1. The United States is vulnerable to cyberspace attacks by relentless adversaries attempting to infiltrate our networks at work and at home – millions of times a day, 24/7.

2. Our enemies plant malicious code, worms, botnets, and hooks in common websites, software, and hardware such as thumbdrives, printers, etc.

3. Once implanted, this code begins to distort, destroy, and manipulate information, or “phone” it home. Certain code allows our adversaries to obtain higher levels of credentials to access highly sensitive information.

4. The enemy attacks your computers at work and at home knowing you communicate with the Air Force network by email, or transfer information from one system to another.

5. As cyber wingmen, you have a critical role in defending your networks, your information, your security, your teammates, and your country.

6. You significantly decrease our enemies’ access to our networks, critical USAF information, and even your personal identity by taking simple action.

7. Do not open attachments or click on links unless the email is digitally signed, or you can directly verify the source—even if it appears to be from someone you know.

8. Do not connect any hardware or download any software applications, music, or information onto our networks without approval

9. Encrypt sensitive but unclassified and/or critical information. Ask your computer systems administrator (CSA) for more information

10. Install the free Department of Defense anti-virus software on your home computer. Your CSA can provide you with your free copy.

I think that the last item is very interesting. Knowing that it is almost inevitable that personnel are going to bring their personal electronic devices to work, it seems that the Air Force is trying to proactively prevent those devices from being an attack route to their electronic systems by including them under the same defensive umbrella. This is certainly an idea worthy of emulation in the private sector.

All in all this is an interesting document if you can read through the Air Force speak. I have been away from the military (Army in my case) for about 20 years now and the language still brings back many memories. The vocabulary of buzzwords has changed, but the same stilted phrasing is still in use.
