HomeNewsArticle Display

AF revolutionizes cybersecurity risk management ensuring mission assurance

WASHINGTON (AFNS) -- The Air Force Chief Information Security Office continues to lead massive change to the way the entire service manages cybersecurity and risk across the five core missions.

The latest innovation is the roll-out of the completely redesigned Risk Management Framework – the formal policies and processes designed to empower Airmen to assess, manage and validate the cybersecurity risks of the tools and systems they operate, from computer programs to major weapons platforms. The new policy realigns the approval processes necessary to certify cyber tools and systems away from singular authority to a functionally aligned model.

This transformation places the risk decision where it belongs: with the experts utilizing those systems and tools to get the mission done. The policy adjustment also moves the Air Force from the antiquated compliance mandates to true risk awareness, mitigation and mission assurance.

The Air Force codified RMF in Air Force Instruction 17-101, “Risk Management Framework for Air Force Information Technology.”

"This policy is the first of my initiatives that hardens cybersecurity, protects the Air Force's key cyber terrain, and reduces the cyber threat footprint,” said Pete Kim, the chief information security officer.

The new process also adds clarification to the wide array of tools that fit under the cyberspace umbrella. No longer is the sole thought process about what constitutes a cyber system centered on the desktop computer and the network it connects to. As innovation drives formerly inert equipment to “smart” internet-enabled devices in an exponential way, so does the growth of the threat landscape expand exponentially.

This growth includes pieces of mission-critical and mission support programs from fighter aircraft to building's heating and cooling units. Formalization of a standard governance framework for cross-functional engagement is another key piece of the new policy enabling a truly integrated decision-making process.

The new framework decentralizes the risk assessment and authorization to authorizing officials with a defined cyber area of responsibility delegated by the Air Force chief information officer, Lt. Gen. William Bender. The Air Force has AOs assigned to key mission and functional areas from aircraft and weapons systems to logistics and finance.

This, combined with the vast functional area knowledge, allows the AO to compare the system's cybersecurity risk to the system's mission capability to authorize operations within cyberspace. The cyber threats may grow larger every day as more devices become internet enabled, but the Air Force's policy implements a framework that minimizes the threat landscape to mission assurance, making every Airman capable to fly, fight and win in air, space and cyberspace.

Engage

Facebook Twitter
We are saddened to hear of the passing of Wilfred Defour, a #TuskegeeAirman. We send thoughts of consolation to his… https://t.co/WDDUtUfHLg
RT @DeptofDefense: A view from the cockpit! Fly along with this @48FighterWing #F15 pilot as the @USAirForce 🇺🇸 and #UK’s @RoyalAirForce 🇬🇧…
#USAF medics from the 51st Medical Group joined the Center for the Sustainment of Trauma & Readiness Skills medical… https://t.co/bDYawsDW5h
Can you see in the dark? In this #photo, training is conducted at Melrose Air Force Range, New Mexico during Emera… https://t.co/vYjameEBlA
SSgt. Pete Taijeron, 254th Rapid Engineer Deployable Heavy Operational Repair Squadron Engineer, uses a circular sa… https://t.co/GMmW7rWoVv
An #F15C takes off during @NATO's Tactical Leadership Programme 18-4 at Amendola AB, Italy, where the focus is deve… https://t.co/PNo5CdB1zC
Mark your calendars; the @AFThunderbirds 2019 season dates are here. https://t.co/sVcgLXzxEA https://t.co/jlsJwPMZMd
Mathematician and #GPS innovator, Gladys West, is inducted into Space and Missiles Pioneers Hall of Fame. @AFSpacehttps://t.co/ZGs8CFfMkS
Military training instructors can get just about anyone ready for duty! This #FlashbackFriday takes #Santa through… https://t.co/5M7iHhU21m
RT @SecAFOfficial: To increase readiness & use money wisely, we have recommended basing the next three squadrons of F-35s at Tyndall. With…
#CMSAF Kaleth Wright advocates for #Airmen to arm themselves with knowledge as the #BlendedRetirementSystem opt-in… https://t.co/HRmZIda6aM
A day the U.S. will never forget. At 7:55 a.m. on Sunday, Dec. 7, 1941, a Japanese force of 183 airplanes attacked… https://t.co/hzE55jRp23
Congratulations are in order @LukeAFB as the 308th Fighter Squadron reactivates, training the world’s greatest figh… https://t.co/XRHrTSUYTj
RT @EielsonAirForce: @CMTTop20 visited the Iceman team last week. Here’s a sneak peek of their visit to the Arctic Survival School. @PACAF
#AirForce Installation and Mission Support Center Resources Directorate's first on-site responder since… https://t.co/pJKTWqXOjw
‘Conflict Anywhere Will Be Conflict Everywhere' is the motto for Multi-Domain Command & Control. #MDC2 aims to figu… https://t.co/nFzxBUHRoS
VCSAF Gen. Stephen Wilson meets #AirForce cadets @ the 10th Annual National Security Scholars Conf in Pittsburg, PA… https://t.co/akLCM7RBaA
RT @GenDaveGoldfein: “We’ve got to be able to deliver capabilities from the lab bench to the warfighter faster...if you’ve got an idea that…