
Red Flag cyber operations: Part II - Cyber operators stand against red team 'aggressors'
2011-03-14 06:06

http://www.afspc.af.mil/news/story.asp?id=123246419

By Tech. Sgt. Scott McNabb
24th Air Force Public Affairs
3/11/2011

NELLIS AIR FORCE BASE, Nev. -- It's not supposed to be easy. For the first time in Red Flag exercise history, cyber and space operators are a fully integrated part of the friendly forces "blue team" that defend the interest of the United States and her allies against the aggressors of the "red team."

"It's imperative that our operators are faced with difficult scenarios. The intent is that they learn from the high pressure scenarios to rapidly and deliberately integrate their unique skills and capabilities with air and space forces to better prepare them grow as cyber operators and as leaders," said Col. Mark Ware, 24th Air Force director of operations. "When the other Airmen participating in Red Flag see the impact on flying and space operations with and without cyber support, they should better understand what their cyber teammates bring to the fight and how we can all work together to defeat our adversaries."

Initial results from the realistic combat training exercise indicate the blue team's cyber operators made it through early struggles to reach mission success and, in some cases, shut down various red team capabilities before they were employed.

"The way I see it, in ancient Greek or Roman times, warriors wore 60 to 70 pounds of armor," said 2nd Lt. Louis Murphy, who belongs to the 33rd Network Warfare Squadron, but served as commander for the blue team, working out of the Information Operations range, located at Lackland Air Force Base, Texas. "Today in Iraq and Afghanistan, they also wear about 60 to 70 pounds of body armor. It's a lot better armor, but it's never perfect. The same is true for cyber. No matter what program you have, it won't be perfect. You adjust and get better."

Red team's cyber aggressors are formidable and push the blue team to their very limits.

Elements of Red Flag's cyber red team include:

- Detachment 2, 318th Information Operations Group, charged with creating an exercise scenario that will allow for realistic cyber play and integration with standard kinetic operations;
- The 57th Information Aggressor Squadron provides the cyber targets for U.S. Air Force cyber warfighters;
- The 177th Information Aggressor Squadron, Kansas Air National Guard, is the sister squadron to the 57th IAS.

These units along with some individual Reserve Airmen provide a wide breadth of opposition for the blue team to lock horns with.

Capt. Christian Fisher, Det. 2 Exercise Flight commander, said he and others worked on scenarios for months to optimize the training experience.

"It is important for cyber operations to be included in Red Flag so that members of the cyber community can plan and execute a mission alongside the air and space operations communities," said Captain Fisher. "Without integrating those three, no one outside the cyber community is ever going to know where cyber operations are going to be beneficial because they will have no idea what the cyber community is capable of. In order to make cyber operations as effective as they can be they need to be integrated with air and space operations, and the first step of that integration is participating in large force exercises like Red Flag where non-cyber operators can see what cyber brings to the fight."

"Seamless integration of joint operations is the ultimate goal for these new efforts in Red Flag," said Maj. Gen. Richard Webber, 24th Air Force commander. "We are elevating the level of training to new heights, in order to learn how to best employ our operational forces to achieve desired effects for the joint and coalition teams."

Captain Fisher said the impact of including cyber operations in Red Flag is that it allows for more solutions to the tactical problems that are presented to the exercise participants.

"In some cases cyber operations may allow for a similar but less persistent effect on a target set than dropping a bomb, which may be more beneficial in the long term depending on what the desired end state is," he said. "It's really how Red Flag continues to be a premier training event for the Air Force even as the operational environment changes based on the evolution of technology."

Maj. Frank Lyons, 57th IAS team chief, gave an example of a possible scenario his red aggressors would test the blue team with.

"We (the red team) set up a cyber café where a terrorist is uploading the latest propaganda video to a server so all his buddies can see it," he said. "The blue forces would do something to either prevent the video from being seen, or to prevent the terrorist from having Internet access."

Each cyber aggressor team varies in size according to the mission. For Red Flag 11-3, there are 24 team members operating as the adversary.

Maj. Drew Bjerken, 177th IAS Weapons and Tactics Flight commander and overall Red Flag 11-3 red team mission commander, said he looks forward to presenting a cyber adversary that is reactive and in some cases aggressive rather than only providing targets as in years past. The majority of the red team offensive cyber operators come from the 177th IAS while the majority of the red team defenders belong to the 57th IAS.

"Allowing red to go offensive presents blue net defenders their first opportunity to integrate so deeply into Red Flag," said Major Bjerken. "This integration is key, as Air and Space Operations Centers commanders know what to do when they are under attack by air or ground forces, but often they are unaware of how to react and what needs to be done when under attack by cyber forces."

Chief Master Sgt. Kevin Slater, 24th Air Force command chief, said operations integration may be the most important success story of this exercise.

"Cyber's integration into Red Flag is as much about educating our air and space teammates on the critical mission assurance attributes of cyber as it is an opportunity to further our efforts to operationalize the cyber domain and the cyber warriors who operate in it," he explained.

Cyber operators taking part in Red Flag didn't happen overnight. Captain Fisher said he, personally, has been integrating cyber operations into U.S. Warfare Center exercises, to include Red Flag, for two years now. He said Det. 2, 318th IOG has been doing this for almost six years.

"This was the next logical step as we continue to mature Air Force cyber operations. We are building a 'Culture of Cyber' in the Air Force, structuring cyber training in the model of air and space operations training," said General Webber. "Red Flag is the best tactical exercise in the world and adding cyber to the 'fight' made sense because the cyber domain is integral to the Air Force's ability to fly, fight and win. Our operators are getting right alongside their air and space counterparts, testing their abilities in realistic wartime situations. This will make Red Flag more realistic and train our Airmen to make the right decisions when things get tough."

Captain Fisher said a successful exercise is one where the participants learn something. He wants cyber operators to walk away from this exercise with a better understanding of operations outside of the cyber community, based on their interaction with everyone else during this exercise.

"I think the biggest area for improvement for the cyber community is going to come from the lessons that we learn in running the command and control of cyber operations within the AOC," he said. "Currently there exist a handful of theories on how to best integrate and control cyber operations within the AOC; this will be one of the first exercises where we will be executing operations based on some of those theories. When the exercise is done, we should be able to walk away with a much clearer understanding of where cyber operations fits into the AOC structure and what the best way to C2 cyber operations within the AOC is."

The final week of Red Flag 11-3 is underway and cyber inputs will add the crescendo to this unique exercise. General Webber said he looks forward to studying the results of the exercise, and is thankful the men and women in cyber operations will be able to take their experiences back with them.

"The red team is truly testing the skills of our blue team members, but the blue team continues to counter the attacks and strengthen the defense," he said. "As tactical cyber involvement grows within Red Flag and more of our operators get the opportunity to take part in the exercises, we will create a more seasoned, battle-ready cyber force. I hope that our cyber, space and air operators all come away from this exercise with an appreciation for each other's missions, and bring back to real-life operations a sense of how to better coordinate and integrate for greater operational results."

(Editor's Note: This is the second story in a series about Air Force cyber operators taking exercise inputs in Red Flag.)

