Taking the fight to the cyberspace frontier

  • Published
  • By Dave Smith
  • 21st Space Wing Public Affairs
In a highly secure, underground facility in Colorado Springs, crews of operators in a room full of computers keep an ever vigilant eye, protecting worldwide U.S. assets around the clock.

This facility is not underneath tons of granite in the midst of Cheyenne Mountain, like a more well-known part of the 21st Space Wing. It is located below street level in a building on Peterson Air Force Base, protecting a different part of space – cyberspace.

The 561st Network Operations Squadron, headquartered at Peterson AFB, manages and defends the Air Force enterprise network for 108 installations. The squadron has detachments in Montana and Illinois. The 960th NOS, an Air Force Reserve unit trained for the same tasks, also adds to the forces protecting more than one million networked computer systems.

What many people don’t realize about the squadron is that it is a $10 billion weapons system, said Thomas Exline, the Cyber Security and Control System operations manager. The system is designed for 24/7 network operations, as well as supporting defensive operations within both classified and unclassified Air Force networks.

“If our systems go down, C-130s don’t fly and Cheyenne Mountain Air Force Station doesn’t function,” Exline said.

The 561st NOS is not the same as the 21st Communications Squadron. They don’t do maintenance, rather they work on the back side of things. More than classified and unclassified email networks command the squadron’s attention. Aircraft, via the airborne net, are connected to the Air Force network. Remotely piloted aircraft work across the network too.

“If we don’t keep things going, then they do not operate,” said Capt. Michael Russell, the 561st NOS section commander. “If it doesn’t work properly, it can affect a lot of things.”

Those “things” include permanent changes of station and getting paid, he said, among other daily, mundane tasks undertaken by people to carry out their missions. All they do is important-to-base programs, whether people notice it or not.

“Look at what goes out in the press,” said Senior Master Sgt. Joseph Drueke, the 561st NOS operations flight superintendent. “You hear about North Korea and other places hacking something, but you don’t hear about it happening in the military because of the people in this building.”

By conservative estimates there are more than a million attacks on the U.S. Air Force network every day. Some are dealt with automatically by security software, but other attempts are not so easily repelled. Nation-states trying to infiltrate the network are a battle fought by 561st NOS operators on a regular basis.

Addressing those nation-state and in-nation threats led to changes in how the 561st NOS runs, Exline said. It has gone from what he called a “backshop unit” to an operational crew alignment. Mirroring a standard operations group, each crew has all the specializations within the 561st NOS, providing support at all times.

“We are combat mission ready similar to what they have in the flying world,” Exline said.

In the midst of large-scale hacking attempts from other nations, one of the biggest vulnerabilities in the network happens on a more personal level.

“It’s phishing,” said 1st Lt. Derik Dietel, the 561st NOS alpha crew commander. “It usually happens when people click something in their email.”

Phishing is defrauding an online account holder of personal information by posing as a legitimate business. Exline said just one click on such a link causes a cascade effect of the network. As many as a dozen groups are required to respond and eradicate the impact of a phishing incident.

“The (561st) NOS has to scour over 800,000 computers,” he said. “If (a threat) is not from within the military, it is hard to block.”

Other common threats come from personal external devices such as cellphones and hard drives. Insider threats from disgruntled employees seeking to cause harm are other possible concerns Airmen from the 561st NOS face daily. They can use any help they can get fighting them, too.

“People are sensors,” Exline said. “If you see something that isn’t right, you should say something.”

The squadron uses the confidentiality, integrity and availability model to guide organizational information security policy. It can be a challenge balancing security and usability for almost one million computers.

“We want to make it seamless for the end user,” said Staff Sgt. Cory Smith, a 561st NOS vulnerability assessment operations instructor. “If we are doing our job right, nobody will know we are there.”