16th Air Force to streamline cyber weapon systems

Airmen from the 33rd Network Warfare Squadron conduct cyber operations at Joint Base San Antonio-Lackland, Texas, Aug. 27, 2019. The 33rd NWS utilizes a cyber weapon system that employs more than 40 tools and applications. The “12N12” initiative aims to reduce this number to 12 in 12 months. (U.S. Air Force photo by Tech. Sgt. R.J. Biermann)

JOINT BASE SAN ANTONIO-LACKLAND, Texas (AFNS) -- Leaders from the 16th Air Force, also known as Air Force Cyber, recently launched an initiative to streamline its cyber weapon systems tools called “12N12.”

Launched on July 1, 12N12 aims to replace, reduce and consolidate the tools, systems and applications operators and analysts employ within the cyberspace security and defense mission area by July 1, 2020.

“The goal is to reduce the number of applications in our cyber weapon systems, which in some cases are as many as 70, to about a dozen, and do so in 12 months or less,” said Col. Sean Kern, 26th Cyberspace Operations Group commander.

“But this is absolutely not just a technology initiative,” Kern continued. “It is about our Airmen, and our ability to produce a highly trained and ready cyber force that possesses the appropriate tactics, techniques, procedures and tools to gain and maintain operational access for core missions and generate desired effects in and through cyberspace.”

According to Steve Barker, 16th Air Force director of requirements, 12N12 aligns with strategic initiatives focused on simplifying and improving full-spectrum weapon systems using agile methodologies to best prepare for future peer-adversary threats.

“12N12 will reduce the complexity of our systems, allowing airmen to gain deeper expertise in the tools they use as well as posture our enterprise for future change,” Barker said.

The end state calls for replacing aged, single-purpose tools with newer, multi-purpose ones.

One antiquated tool among many is the Security Information and Event Management tool.

“The SIEM scrubs through all the data we receive and presents it to the operator in a way that is easier to view,” said Staff Sgt. Trevor Daher, 33rd Network Warfare Squadron cyber operator. Some newer tools both manage information and respond to alerts.

The prospect of having to master fewer weapon systems tools is an encouraging future for Daher.

“Replacing our old tools with new ones would be amazing,” he said. “These tools have capabilities we don’t currently have. Many of them can automate a decent portion of what we do, allowing us to spend more time investigating more malicious activities.”

Within the cybersecurity arena, time is one factor that separates winners from losers.

“In 18 minutes, 49 seconds, a foreign nation-state actor can gain initial access into a victim’s computer before moving laterally throughout its network,” Kern said. “That is our operational urgency, and if we don’t get cybersecurity and defense right, we will lose.”

Some operators process upwards of eight million alerts per day using common computer programs when newer, automated applications are available.

To keep pace with the goal date, a project team meets weekly to share updates and discuss obstacles and how to mitigate them.

Additionally, Air Combat Command has adopted a new approach to cyber weapon systems development.

Recommended for you