Air Force stands up new office to shield weapons from cyber attacks

The Air Force is standing up a new, full-time office dedicated to protecting its weapons systems from cyber attacks.

The Cyber Resiliency Office for Weapons Systems (CROWS) was born from the notion that even though a modern jet fighter is essentially a flying network of computing systems that’s vulnerable to cyber threats, it’s an exquisitely customized one that doesn’t quite fit the procedures the government usually employs to protect its traditional IT systems.

“The cyber threat is more than just network intrusion or traditional malware — it also affects our weapon systems and presents a clear and present danger to successful mission assurance,” Dennis Miller, the new office’s director, said in an Air Force statement.

CROWS will be based at Hanscom Air Force Base, the Massachusetts installation that hosts the service’s Lifecycle Management Center (AFLCMC). It will be staffed by subject matter experts from across the Air Force, including personnel who’ve traditionally been in charge of thinking about up-front systems engineering for new platforms, operation and maintenance of weapons systems and long-term sustainment.

The new “horizontally-integrated” organization reached initial operating capability on Dec. 21.

Officials said its initial activities will be focused on drawing up accurate pictures of cyber threats to current Air Force missions based on assessments from the intelligence community, pushing the service to design its weapons systems in more modular blocks that can be quickly redesigned and swapped out in response to new threats, and building tighter connections between weapons system development and the cyber protection teams DoD is already building to defend its traditional IT networks.

The standup of CROWS is the latest step in addressing a cybersecurity problem that Air Force officials fully acknowledge they’ve been slow to react to. In early 2015, the service established Task Force Cyber Secure with the intention of inculcating at least as much cyber rigor to weapons as the Air Force already applies to desktop and laptop computers and their associated networks.

The Air Force has now settled on seven discrete lines of attack to achieve that objective, but Gen. Ellen Pawlikowski, the commander of Air Force Materiel Command, told reporters in September that getting weapons systems into a more cyber-secure condition would likely take another five to seven years, partially because the military’s budgeting process to date has not yet made it a priority.

“We know this is going to be a high-demand, low-density capability in the beginning,” Pawlikowski said at the time about the AFLCMC group that’s now up and running. “They’re going to support the program offices as they develop their cybersecurity, but it also includes education of the entire workforce. This is not something where a program manager or a financial manager can say, ‘I don’t do IT.’ We need all our airmen to be part of this, but right now I’m focused mostly on the people who can contribute to baking cybersecurity into our engineering processes.”

Related Stories

    33rd Fighter Wing/Public Affairs/Senior Airman Stormy ArcherPilots with the 33rd Fighter Wing prepare to take off during exercise Northern Lightning at Volk Field, Wis., Aug. 26, 2016. Northern Lightning is a joint total force exercise that gives the Air National Guard, Air Force and Navy a chance to practice offensive counter air, suppression and destruction of enemy air defense and close air support. (U.S. Air Force photo/Senior Airman Stormy Archer)

    Air Force sees progress in hardening its weapons against cyber attack, despite no new funding

    Read more
    Federal News Radio pinwheel icon

    Air Force charges new cyber task force with looking for threats in core missions

    Read more
    Federal News Radio pinwheel icon

    Navy’s ‘awakening’ means cyber threats aren’t just an IT problem

    Read more