Security Technologies and Methodology in the United

¶ … Security Technologies and Methodology in the United States Air Force

The objective of this study is to evaluate the effectiveness of security technologies and methodology in the U.S. Air Force. This work will first determine uncertainties and calculate the risk for each threat. This work will additionally identify any needed controls including technical, administrative and managerial controls. Finally, this work will describe the network security methodology and technology used in the Air Force and the access control technology utilized by the Air Force.

Cyberspace is reported as "pervasive in military operations across all domains" and reported as well is that it is "vital to how the United States conducts those operations." (Wimmer, 2012) Cyberspace was identified by Secretary of the Air Force, Michael Wynne and Air Force Chief of Staff, general T. Michael Moseley to be "a domain equal with Land, Sea, Air and Space." ( )

The Risk

It is reported that in May 2007, "Secretary Wynne issued another Letter to Airmen in which he stated 'our adversaries are attempting to access American servers that contain sensitive data. In response to these threats, Airmen are actively 'flying and fighting' in cyberspace. Our cyber Airmen's work is a prerequisite to all military operations: ensuring freedom of action across the electromagnetic spectrum, which in turn contributes to freedom from attack and freedom to attack in all other domains: land, sea, air and space As the advantages gained through cyberspace were increasing, so were the threats from adversaries." (Wimmer, 2012) Cyberspace training that is received by all enlisted members includes: (1) Cyberspace and the Air Force training at Basic Military Training (BMT); and (2) Advanced Distributed Learning System (ADLS) annual training. (Wimmer, 2012)

II. The Solution

According to Wimmer's report, "CyTCoE was charted to be "a unifying and synergistic body for promoting cyberspace education, training, research, and technology development. The AF CyTCoE developed material for inclusion in the Airman's study guide, which included a review exercise to assist Airmen as they prepare for the end-of-course exam." (Wimmer, 2012) Also developed was a four-hour block of classroom training that would be administered by Military Training Instructors including "a flash media presentation and a Plan of Instruction to guide instructors during the presentation of the material." (Wimmer, 2012) Also developed were questions to be included in at the end of course in a written test that is given during week seven of training and that is focused on analysis of the trainee's "comprehension of the academic material presented during BMT." (Wimmer, 2012)

The first BMT trainees graduated in October 2010. Once the BMT is completed, the trainee's must complete annual ancillary training, which is "universal training, guidance or instruction regardless of Air Force Specialty Code (AFSC) that contributes to mission accomplishment." (Wimmer, 2012) All members of the Air Force military, civilian employee's even nonappropriated fund, and contractor personnel must complete Information Assurance Awareness modules of training. This training is described as 'general awareness-level training'." (Wimmer, 2012)

Information Protection training is reported as such that is designed with the purpose of ensuring security and protection of DoD information and Information Assurance Awareness is such that makes sure that personnel are up-to-date on the latest computer security threat risks and the protective measures against those threats." (Wimmer, 2012) This training is received by Airmen who complete two modules of training using the Advanced Distributed Learning (ADL) methods. The ADLS provides ADL content and tracks the progress of students.

IV. Core Curriculum

The core curriculum is reported as a "mandatory set of courses all cadets must complete regardless of their academic major. Additionally, cyberspace training is included in various military training events such as the Basic Cadet Training. Finally, USAFA offers upper-class cadets the opportunity to spend one of their summer sessions in Cyber 256, Basic Cyber Operations. The course is intended to spark cadets' interest in pursuing more in-depth work in computer science." (Wimmer, 2012) A USAFA news release is reported to have stated that everything about the Basic Cyber course focuses on "practical application." (Wimmer, 2012) Stated as the second source of commissioning is the ROTC which includes four regional headquarters, 144 detachments, and more than 1,200 cross-town universities." (Wimmer, 2012) There were a reported 1,796 second lieutenants commissioned by ROTC in 2011 with ROTC cadets being on the receiving end of two hours of instruction delivered through lecture and guided instruction on cyberspace occurring during the fourth year of training with a design to prepare the recruits for the Air Force. The lesson plan is reported to be such that list the cognitive lesson objectives identified as "Know basic facts and significant vulnerabilities associated with cyberspace operations and the Air Force role in the cyberspace domain." (Wimmer, 2012) The Air Force role in the cyberspace domain includes identification of cognitive behavior examples such as the following:

(1) Define cyberspace and cyber superiority;

(2) Identify specific threats and vulnerabilities associated with cyberspace operations

(3) Define the unique relationship of the cyberspace domain to other air and space domains according to the Airman's perspective of cyberspace; and (4) State the roles and responsibilities of all Cyber Wingmen. (Wimmer, 2012)

The Instructional Development (ISD) model has been used by the Air Force since 1965 and is a process used to guide training development. ISD is described as a "systematic, flexible, proven process for determining whether instruction is necessary in a given situation, for defining what instruction is needed, and for ensuring development of effective, cost-efficient instruction," (Department of the Air Force, 2002)

The following illustration shows the conception of the ISD model:

Figure 1 -- ISD Model

Source: (Wimmer, 2012)

There is reported to be lacking, the feedback between users and curriculum developers and this is an issue that the Air Force must address to ensure future effectiveness in cyberspace security training.

Summary and Conclusion