U.S. Air Force Cyber (AFCYBER)
In December 2005, Secretary of the Air Force Michael W. Wynne and Chief of Staff General T. Michael Moseley unveiled a new mission statement for the United States Air Force:
“The mission of the United States Air Force is to deliver sovereign options for the defense of the United States of America and its global interests—to fly and fight in air, space, and cyberspace.”
That new mission statement highlighted the increasing importance of cyber operations in the U.S. Air Force and served as the Air Force’s acknowledgment of that domain. The new mission statement also marked the beginning of a process that would lead to the establishment of Twenty-Fourth Air Force (24 AF) as the operational level organization responsible for conducting the full range of cyber missions for the U.S. Air Force and for providing forces to combatant commanders in support of military operations.(13)
In 1953, the Air Force designated the Air Force Special Communications Center (AFSCC) and assigned it to USAFSS which focused on five key areas. First, AFSCC produced and disseminated long-term intelligence data for USAFSS and the Air Force. Second, AFSCC oversaw the USAFSS School for intelligence specialists. Third, AFSCC provided technical guidance and operational assistance to USAFSS units in the field. Fourth, AFSCC assisted the USAFSS Deputy Chief of Staff for Operations with developing and testing operational procedures and techniques in support of both the USAFSS mission and Air Force intelligence efforts. Fifth, AFSCC directed and monitored operation of the Special Security Office system.
In 1969 when AFSCC ceased processing communications intelligence altogether. Following the loss of its communications intelligence mission, AFSCC shifted its focus to analyzing electronic warfare efforts using signals intelligence inputs. AFSCC soon commenced production of electronic warfare evaluations known as COMFY COAT reports. The reports gradually expanded in scope as electronic warfare gained prominence within the Department of Defense and eventually included findings related to Army, Navy, and Marine Corps electronic warfare capabilities.
To better reflect its critical role within electronic warfare, the Air Force redesignated AFSCC as the Air Force Electronic Warfare Center (AFEWC) on 1 July 1975 and changed its status from a temporary provisional unit to an establishment. The Air Force assigned AFEWC to the Electronic Security Command (formerly USAFSS) where it focused on exploring new and state-of-the-art electronic warfare technologies to counter the command-and-control systems of potential adversaries. Additionally, AFEWC made significant strides in the analysis of defense suppression techniques for Air Force assets. By the middle of the 1980s, AFEWC had emerged as the primary source of electronic warfare and command, control, and communications countermeasures analysis and advice for the Air Force. AFEWC also employed cutting-edge technologies, such as computers with high-speed microprocessors, to provide senior battle commanders with analytical reports on the use of electronic warfare in exercise and real-world scenarios. These contributions eventually played a crucial role in the effective use of electronic warfare during Operation DESERT STORM in the early 1990s.
The success of Operation DESERT STORM persuaded senior military leaders that electronic warfare capabilities could combine with the strategies and tactics of command-and-control warfare to enable operations across the entire information spectrum. The resulting emphasis on information warfare prompted the Air Force on 10 September 1993 to integrate AFEWC, technical expertise from the Securities Directorate of the Air Force Cryptologic Support Center, and intelligence skills from the Air Force Intelligence Command (formerly Electronic Security Command) to create the Air Force Information Warfare Center (AFIWC). The new organization served as the Air Force’s center of excellence for information superiority. In that capacity AFIWC explored, applied, and migrated offensive and defensive information warfare capabilities for operations, acquisition, and testing. AFIWC also provided advanced information warfare training for the Air Force and continued its support of warfighters in contingencies and exercises through quantitative analysis, modeling and simulation, and database and technical expertise in communications and computer security.
The inclusion of cyberspace as a separate warfighting domain in the Air Force mission statement unveiled on 7 December 2005 prompted military leaders to rethink and broaden the information warfare concept, resulting in a new emphasis on information operations. This emphasis translated into yet another organizational change in October 2006 when the Air Force redesignated AFIWC as the Air Force Information Operations Center (AFIOC). AFIOC focused on both the innovation and integration of information operations and maintained responsibility for creating information operations capabilities to meet requirements for missions in air, space, and cyberspace. Additionally, AFIOC personnel performed information operations analysis for combat operations, targeting, and acquisition programs. In addition to exploring, demonstrating, and exercising information operations capabilities, AFIOC tested weapons, developed tactics, trained forces, and assessed information operations vulnerabilities of units and systems for both offensive and defensive counter-information missions. In 2007, the Air Force reassigned AFIOC from the Air Intelligence Agency (formerly the Air Force Intelligence Command) to the Air Combat Command (ACC) as part of the 8th Air Force.
On 18 August 2009, the Air Force reassigned AFIOC to the Air Force Space Command’s (AFSPC) new 24th Air Force and redesignated it as the 688th Information Operations Wing (688 IOW). The new wing boasted two groups, the 38th Cyberspace Engineering Group and the 318th Information Operations Group, creating a multi-disciplined organization capable of delivering proven information operations and engineering installation capabilities integrated across the air, space, and cyberspace domains in support of the joint warfighting team.
On 13 September 2013, AFSPC redesignated the 688 IOW as the 688th Cyberspace Wing—the first Air Force wing designated as a cyberspace wing. With the activation on 1 December 2015 of the 688th Cyberspace Operations Group at Scott AFB, Illinois and the follow-on activation of its full complement of five cyberspace operations squadrons, the wing stood at three groups, fifteen squadrons, four detachments, and one operating location. Its personnel operated out of seven locations across the continental United States: Joint Base San Antonio–Lackland, Texas; Tinker AFB, Oklahoma; Scott AFB, Illinois; Keesler AFB, Mississippi; Hurlburt Field, Florida; Nellis AFB, Nevada; and Fort George G. Meade, Maryland.(14) With its new designation came a new mission:
“To deliver Asymmetric Advantage; to achieve air, space, and cyberspace superiority in the most efficient and innovative way possible.”
Cyber Wingman Principles (2009)
The "Rise of the Cyber Wingman" philosophy incorporates the following 10 guiding principles every Airman needs to know and use to secure cyberspace.
1. The United States is vulnerable to cyberspace attacks by relentless adversaries attempting to infiltrate our networks -- at work and at home -- millions of times a day, 24/7.
2. Our adversaries plant malicious code, worms, botnets and hooks in common Web sites, software and in hardware such as thumb drives, printers, etc.
3. Once implanted, this code begins to distort, destroy and manipulate information, or it "phones" it home. Certain code allows our adversaries to obtain higher levels of credentials to access highly sensitive information.
4. The adversary attacks your computers at work and at home knowing you communicate with the Air Force network by e-mail or by transferring information from one system to another.
5. As cyber wingmen, you have a critical role in defending your networks, your information, your security, your teammates and your country.
6. You significantly decrease our adversaries' access to our networks, critical Air Force information, and even your personal identity, by taking simple action.
7. Do not open attachments or click on links unless the email is digitally signed, or you can directly verify the source, even if it appears to be from someone you know.
8. Do not connect any hardware or download any software, applications, music or information onto Air Force networks without approval.
9. Encrypt sensitive but unclassified and/or mission critical information. Ask your computer security administrator, or CSA, for more information.
10. Install the free Department of Defense anti-virus software on your home computer. Your CSA can provide you with your free copy.
Air Force Cyber Weapons Systems
The Air Force has seven weapon systems in inventory. Six of the seven have unclassified descriptions and are briefly described below.
1) Cyberspace Defense Analysis (CDA): The Air Force Cyberspace Defense Analysis (CDA) weapon system conducts Defensive Cyberspace Operations by monitoring, collecting, analyzing, and reporting on sensitive information released from friendly unclassified systems, such as computer networks, telephones, email, and USAF websites. CDA is vital to identifying Operations Security (OPSEC) disclosures. The CDA weapon system is operated by three Active Duty units [68 Network Warfare Squadron (NWS), 352 NWS, 352 NWS Det 1] and two Reserve units [860 Network Warfare Flight (NWF) and 960 NWF] located at Joint Base San Antonio Lackland TX, Joint Base Pearl Harbor Hickam Field HI, Ramstein AB GE, Joint Base San Antonio Lackland TX, and Offutt AFB NE, respectively.
2) Cyber Security and Control System (CSCS): The Air Force Cyber Security and Control System (CSCS) weapon system is designed to provide 24/7 network operations and management functions and enable key enterprise services within Air Force unclassified and classified networks. This system also supports defensive operations within those Air Force networks. CSCS is operated by two Active Duty (AD) Network Operations Squadrons (NOS), one Air National Guard (ANG) Network Operations Security Squadron (NOSS) and two Air Force Reserve Command (AFRC) Associate NOSs aligned with the AD squadrons. The 83 NOS (AD) and 860 NOS (Reserve) are located at Langley AFB VA; the 561 NOS (AD) and 960 NOS (Reserve) are located at Peterson AFB CO; and the 299 NOSS (ANG) is located at McConnell AFB KS.
3) Air Force Intranet Control (AFINC): The Air Force Intranet Control (AFINC) weapon system is the top level boundary and entry point into the Air Force Information Network (AFIN), and controls the flow of all external and interbase traffic through standard, centrally managed gateways. The AFINC weapon system consists of 16 Gateway Suites and two Integrated Management Suites, and is operated by the 26 Network Operations Squadron (26 NOS) located at Gunter Annex, Montgomery, AL.
4) Cyberspace Vulnerability Assessment/Hunter (CVA/Hunt): The Air Force Cyberspace Vulnerability Assessment/Hunter (CVA/Hunter) weapon system executes vulnerability, compliance, defense and non-technical assessments, best practice reviews, penetration testing and Hunter missions on AF and DoD networks & systems. Hunter operations characterize and then eliminate threats for the purpose of mission assurance. The weapon system can perform defensive sorties world-wide via remote or on-site access. The CVA/Hunter weapon system is operated by one Active Duty unit, the 92d Information Operations Squadron (IOS), located at Joint Base San Antonio Lackland TX, and one Guard unit, the 262d Network Warfare Squadron (NWS), located at Joint Base LM McChord WA. There are two Guard units in the process of converting to this mission, the 143d IOS and the 261st NWS, located at Camp Murray WA, and Sepulveda ANGS CA, respectively.
5) Cyber Command and Control Mission System (C3MS): The U.S. Air Force has mastered the ability to apply global reach, power and vigilance across the domains of air and space. The AF applies these same precepts in the cyberspace domain as part of its mission to fly, fight, and win in air, space and cyberspace. The Cyber Command and Control Mission System (C3MS) weapon system enables this mission by synchronizing other AF cyber weapon systems to produce operational level effects in support of Combatant Commanders worldwide. C3MS provides operational level Command and Control (C2) and Situational Awareness (SA) of AF cyber forces, networks and mission systems. C3MS enables the 24th Air Force Commander (24 AF/CC) to develop and disseminate cyber strategies and plans, then execute and assess these plans in support of AF and Joint warfighters. The C3MS weapon system is operated by the 854th Combat Operations Squadron for the 624th Operations Center (624 OC) at Joint Base San Antonio Lackland TX.
6) Air Force Cyberspace Defense (ACD): The Air Force Cyberspace Defense (ACD) weapon system is designed to prevent, detect, respond to, and provide forensics of intrusions into unclassified and classified networks. This weapon system supports the AF Computer Emergency Response Team in fulfilling their responsibilities. ACD is operated by the 33d Network Warfare Squadron (NWS) located at Joint Base San Antonio Lackland TX, the Air Force Reserve’s 426th NWS located at Joint Base San Antonio Lackland TX and the Air National Guard's (ANG) 102d NWS located at Quonset ANGB RI.(15)
AFSC 17X Cyberspace Operations Officer Career Field Education and Training
The Air Force Cyberspace Operations Specialty executes cyberspace operations and information operations functions and activities. Plans, organizes, directs and executes cyberspace and information operations such as, Defensive Cyber Operations (DCO), Offensive Cyber Operations (OCO), Department of Defense (DoD) Information Network (DoDIN) Operations and Mission Assurance for Air Force weapons systems and platforms. Such operations cover the spectrum of mission areas within the cyberspace domain. Duties and Responsibilities include:
Skill and Career Progression:
Career Development
The Cyberspace Operations Officer Career Path has a progression through a variety of jobs. Early on, officers should develop a solid technical and operational experience base and continually focus on gaining depth and breadth as their careers progress. The desire is to build a force of competent, agile, and aggressive cyberspace operators able to apply their skills in an operational environment and articulate the effects cyberspace capabilities have on the AF mission in operational (vs technical) terms. Cyber 200 and Cyber 300 are required professional military courses that are career specific.
Every assignment and all assignment advice given must reflect this philosophy. 17X officers must know and fully understand all of our cyberspace capabilities and limitations. They must be able to operate in any environment, perform a variety of cyberspace-related jobs, and understand all aspects of operations.
Depth and Breadth.
A company grade officer should develop depth early in his/her career with appropriate level assignments. Officers need to understand the technical application of the mission systems they man, how they fit into the Air Force, Joint, National and Combatant Commander Missions and how they interoperate or exchange information/data with Sister Service Mission Systems to achieve a Combatant Commander task. Subsequently, officers will gradually broaden their baseline both within and outside of the cyberspace operations career field through career breadth and career broadening tours.
Ultimately, an individual’s career path will be influenced by his/her personal aspirations and the needs of the Air Force. Ideally, officers will gain depth in the first 10 years of their career and assume more strategic positions as they mature through field grade ranks.
Assignments should prepare cyberspace operations officers for command and leadership positions within the Air Force, Joint Commands and the cyber community. The keys to success are breadth of experience, depth of knowledge, and high quality performance at every job level.
Experience Tracking Through Career Path Tool (CPT).
In order to more effectively identify key experiences to fill AF and Joint requirements as well as better management of the AF career force, AF/A1 developed an experience coding and tracking system to more readily employ forces called CPT. CPT pulls individual duty histories from MILPDS. CPT is based upon a six digit Airmen Capability Management (ACM) code, where the first three digits consist of the career field AFS (17D or 17S) and the last three are used to categorize roles and experience. The Career Field Manager (CFM) is charged to develop a methodology for the last three digits of the ACMs. Once fully populated, CPT allows AF functional and CFMs the data necessary to monitor and develop the force to the appropriate breadth and depth of experience required for the health of the career field. Additionally, CPT allows the AFPC assignment team and the Cyberspace Operations Development Team (DT) to quickly identify candidates for positions requiring specific experiences and certifications, replacing the time intensive process of delving into hundreds of individual documents (such as performance reports).
Career Path Tool is online and fully functional.
If they haven’t already, officers must go to the CPT website (https://afvec.langley.af.mil/af-cpt) and register. Once registered, members should view and validate the coding of their duty histories. Officers may correct discrepancies by either updating their duty histories in MILPDS (through the vMPF) or by using the “Report ACM Error” function from the “My Duty History” screen (if the error is related to the coding in CPT).
Duty Titles.
In order to facilitate implementation of the Air Force standardized experience tracking system (Career Path Tool) and mentoring tool (My Vector), a standardized set of duty titles is required. The information will be used in all aspects of an Airmen’s career. All cyberspace officers will have standardized duty titles. These duty titles will include a standardized job role followed by a brief descriptor of the position: Job Role, Descriptor. Examples of such are: “Flt/CC, Operations”; “Branch Chief, Cyber Defense”; “Division Chief, C4 Capabilities”
Specialty Qualifications Entry Level (17X1)
Knowledge
Fundamentals of Computer Systems, Operating Systems, Software Applications and Architecture, Protocols, Addressing and Hardware. In addition, an Understanding of Networking Fundamentals, Network Infrastructure, to include Telecommunications Theory, Industrial Control Systems, and Data Communications/Links is needed. Officers must also be Proficient on Wireless Networking, as well as, Data Delivery to Personal Wireless Devices and understand Cryptography; to include Utilization and Exploitation Techniques. Cyberspace Operations and Information Operations Organization, Policies, Directives and Doctrine; Cyberspace Operations Systems and Fundamentals; Requirements, Acquisition, and Logistics; Cyberspace Operations Management, Utilization and Planning Principles.
Education
For entry into this Specialty, most 17X Officers will possess Computer, Science, Technical, Engineering or Mathematic degrees. See the AFOCD for a complete list of degree programs.
Training
Officers will attend Undergraduate Cyberspace Training (Phase 1 and 2) as soon as possible after being accessed as a 17X1.
Specialty Qualifications Intermediate (17D2)
Knowledge Mission specific and work role requirements.
Education No additional education required.
Training OJT/JQS IQT requirements or graduation from IQT awarding FTU.
Specialty Qualifications Intermediate (17S2)
Knowledge Mission specific and work role requirements.
Education No additional education required.
Training OJT/JQS IQT requirements or graduation from IQT awarding FTU.
Specialty Qualifications Qualified (17D3), Qualified (17S3), Staff Level (17X4)
Knowledge Mission specific and work role requirements.
Education No additional education required.
Training OJT/JQS MQT requirements.
Initial award of 3 skill level will be NET 12 months from award of AFSC
Initial Qualification Training (IQT).
IQT is comprised of one or more courses covering system specific and/or positional specific training as a prerequisite to Mission Qualification Training. Completion of UCT serves as the IQT for the Cyberspace Operations career field. Weapons systems will have their own unique IQT and subsequent MQT progression. Completion of UCT meets the requirement for award of the 17X2X – Qualified IAW AFOCD.
Mission Qualification Training (MQT).
MQT prepares an individual for a successful formal evaluation. It focuses on filling training requirements not met at IQT, mastering local procedures, and increasing proficiency as needed. MQT ensures a smooth transition from IQT to MR/CMR status. MQT is comprised of training at a Formal Training Unit, if applicable, and local training at the unit. Units will determine MQT requirements in accordance with Lead MAJCOM policy and guidance. Completion of MQT (unit or weapons system) meets the requirement for award of the 17X3X – Qualified IAW AFOCD.
17D/17S officers will maintain compliance with DoD 8570.01-M. All Cyber Operations Officers will attain and possess a current Information Assurance Management certification in accordance with DoD 8570.01-M. There is no single answer on which certification an officer will attain. Officers should stay abreast of changes in the Directive in order to maintain the appropriate certification. While changes in this effort are being codified in AFMAN 33-285, Information Assurance (IA) Workforce Improvement Program, the following guidelines are provided. Refer to AFMAN 33-285 for guidance on preferred certifications.
Company Grade Officers (CGOs).
Most CGOs possess Security+ certification based on their attendance at Undergraduate Cyberspace Training. Some will attain additional certifications based on mission assignment or personal initiative. CGOs are tasked to maintain currency in their most advanced Information Assurance Management (IAM) certification.
Field Grade Officers (FGOs).
As an officer matures in grade, they are required to lead junior officers who possess IAM certifications. As such, they will be required to attain and maintain currency on the applicable IAM certification. Refer to AFMAN 33-285 for guidance on applicable certifications.
Maintaining Currency.
Officers attaining certification with Air Force funding are required to register their certification with the Defense Manpower Data Center (https://www.dmdc.osd.mil/appj/dwp/index.jsp). Once codified in AFMAN 33-285, the Air Force will use the information provide to: 1) verify an officers certification and 2) pay for certification maintenance fees. While an individual may attain multiple certifications over their career, the Air Force will pay maintenance fees for the most advanced certification.
The Air Force uses the CTS to identify the training students receive in a specific course. It serves as the foundational document which describes the course’s content and standard of proficiency each student is expected to achieve in order to successfully complete the course. It’s also used as the basis for the Course Resource Estimate (CRE) which describes the human, physical, and fiscal resources required to execute the course. In essence, the CTS is a contract between the Career Field Manager and the training provider, and can only be modified through the Specialty Training Requirements Team (STRT)/U&TW process and AFCFM policy directives. The training tasks are based on an analysis of duties in the AF Officer Classification Directory for 17D and 17S AFSCs as described in the Air Force Education and Training Course Announcements (ETCA) database.
Training Programs For Cyberspace Operations Officers
This section identifies training programs and resources currently available for cyberspace operations officers to further their knowledge of the career field. Professional Continuing Education (PCE) (Cyber 200 and Cyber 300) and technical refresher training are additional education and training options, either in residence, or through exportable courses and on-the-job training. This training is available to personnel to increase their skills and knowledge beyond the minimum required. For further information on available training check the 17D/17S professional development website.
The Air Force Institute of Technology (AFIT) Graduate School of Engineering and Management located at Wright-Patterson AFB, OH, offers numerous cyberspace related courses. Graduate programs include Cyber Operations, Computer Engineering, Computer Science, Electrical Engineering, and Software Engineering. These are in-residence courses requiring a PCS move. Additionally, AFIT offers graduate degrees in Systems Engineering and Engineering Management, through which students can specialize in Information Resource Management (1AUY), Information Systems Management (OIYY), and Management Information Systems (1AME). The Systems Engineering graduate program offers both in-residence curriculum as well as distance learning opportunities.
The Center for Cyberspace Research (Air Force Cyberspace Technical Center of Excellence) conducts defense-focused research at the Master’s and PhD levels. The CCR is forward-looking and responsive to the changing educational and research needs of the Air Force, Department of Defense, and the federal government. The CCR affiliated faculty teach and perform research focusing on understanding and developing advanced cyber-related theories and technologies.
The AFIT School of Systems and Logistics offers courses on acquisition, software and systems engineering, test and evaluation, logistics and financial management. These courses are offered through a mix of in residence, on-site and distance learning modes. The software engineering courses are collectively known as the Software Professional Development Program (SPDP). The objective of the program is to provide continuing education for USAF members involved in any aspect of software engineering, including acquisition, writing or modification of software. Specific topics include software project management, software requirements, software design, software implementation, software testing, and software maintenance. (Available to Active Duty, Reserve and Guard members).
The National Defense University offers leading-edge training in information resource management for lieutenant colonels (and civilian equivalent) and above. Applications for the course meet a selection board. Several courses, seminars, symposia and workshops are offered with differing lengths from 3 days to14 weeks.
The iCollege, Information Resources Management College at the National Defense University, prepares military and civilian leaders to optimize information technology management and secure information dominance within cyberspace. The iCollege offers seven unique, but connected, programs of study. They offer both classroom and online Distributed Learning formats.
The USAF Special Operations School (USAFSOS) sponsors a variety of courses furthering operational knowledge. USAFSOS is part of the Joint Special Operations University (JSOU) at Hurlburt Field, FL. JSOU educates Special Operations Forces (SOF) executive, senior and in