The Air Force is standing up a new, full-time office dedicated to protecting its weapons systems from cyber attacks.
The Cyber Resiliency Office for Weapons Systems (CROWS) was born from the notion that even though a modern jet fighter is essentially a flying network of computing systems that’s vulnerable to cyber threats, it’s an exquisitely customized one that doesn’t quite fit the procedures the government usually employs to protect its traditional IT systems.
“The cyber threat is more than just network intrusion or traditional malware — it also affects our weapon systems and presents a clear and present danger to successful mission assurance,” Dennis Miller, the new office’s director, said in an Air Force statement.
CROWS will be based at Hanscom Air Force Base, the Massachusetts installation that hosts the service’s Lifecycle Management Center (AFLCMC). It will be staffed by subject matter experts from across the Air Force, including personnel who’ve traditionally been in charge of thinking about up-front systems engineering for new platforms, operation and maintenance of weapons systems and long-term sustainment.
The new “horizontally-integrated” organization reached initial operating capability on Dec. 21.
Officials said its initial activities will be focused on drawing up accurate pictures of cyber threats to current Air Force missions based on assessments from the intelligence community, pushing the service to design its weapons systems in more modular blocks that can be quickly redesigned and swapped out in response to new threats, and building tighter connections between weapons system development and the cyber protection teams DoD is already building to defend its traditional IT networks.
The standup of CROWS is the latest step in addressing a cybersecurity problem that Air Force officials fully acknowledge they’ve been slow to react to. In early 2015, the service established Task Force Cyber Secure with the intention of inculcating at least as much cyber rigor to weapons as the Air Force already applies to desktop and laptop computers and their associated networks.
The Air Force has now settled on seven discrete lines of attack to achieve that objective, but Gen. Ellen Pawlikowski, the commander of Air Force Materiel Command, told reporters in September that getting weapons systems into a more cyber-secure condition would likely take another five to seven years, partially because the military’s budgeting process to date has not yet made it a priority.
“We know this is going to be a high-demand, low-density capability in the beginning,” Pawlikowski said at the time about the AFLCMC group that’s now up and running. “They’re going to support the program offices as they develop their cybersecurity, but it also includes education of the entire workforce. This is not something where a program manager or a financial manager can say, ‘I don’t do IT.’ We need all our airmen to be part of this, but right now I’m focused mostly on the people who can contribute to baking cybersecurity into our engineering processes.”