HomeNewsArticle Display

16th Air Force to streamline cyber weapon systems

U.S. Air Force Airmen from the 33rd Network Warfare Squadron conduct cyber operations at Joint Base San Antonio-Lackland, Texas, Aug. 27, 2019. The 33rd NWS utilizes a cyber weapon system that employs more than 40 tools and applications. The “12N12” initiative aims to reduce this number to 12 in 12 months. (U.S. Air Force photo by Tech. Sgt. R.J. Biermann)

Airmen from the 33rd Network Warfare Squadron conduct cyber operations at Joint Base San Antonio-Lackland, Texas, Aug. 27, 2019. The 33rd NWS utilizes a cyber weapon system that employs more than 40 tools and applications. The “12N12” initiative aims to reduce this number to 12 in 12 months. (U.S. Air Force photo by Tech. Sgt. R.J. Biermann)


Leaders from the 16th Air Force, also known as Air Forces Cyber, recently launched an initiative to streamline its cyber weapon systems tools called “12N12.”

Launched on July 1, 12N12 aims to replace, reduce and consolidate the tools, systems and applications operators and analysts employ within the cyberspace security and defense mission area by July 1, 2020.

“The goal is to reduce the number of applications in our cyber weapon systems, which in some cases are as many as 70, to about a dozen, and do so in 12 months or less,” said Col. Sean Kern, 26th Cyberspace Operations Group commander.

“But this is absolutely not just a technology initiative,” Kern continued. “It is about our Airmen, and our ability to produce a highly trained and ready cyber force that possesses the appropriate tactics, techniques, procedures and tools to gain and maintain operational access for core missions and generate desired effects in and through cyberspace.”

According to Steve Barker, 16th Air Force director of requirements, 12N12 aligns with strategic initiatives focused on simplifying and improving full-spectrum weapon systems using agile methodologies to best prepare for future peer-adversary threats.

“12N12 will reduce the complexity of our systems, allowing Airmen to gain deeper expertise in the tools they use as well as posture our enterprise for future change,” Barker said.

The end state calls for replacing aged, single-purpose tools with newer, multi-purpose ones.

One antiquated tool among many is the Security Information and Event Management tool.

“The SIEM scrubs through all the data we receive and presents it to the operator in a way that is easier to view,” said Staff Sgt. Trevor Daher, 33rd Network Warfare Squadron cyber operator. “It only allows us to manage the stream of information, and it was put in place in 1999. Of course it has been updated, but it is still a 20-year-old product.”

Some newer tools both manage information and respond to alerts.

“There is a tool called SOAR, a Security Orchestration and Automated Response tool,” Daher said. “This tool reviews data and can be programmed to respond or react to individual alerts in different ways. You tell it what to do – it sees an alert and executes a checklist for you.”

For the aviation enthusiast, an aircraft analogy may help to better understand an operator’s current workspace.

“Think of this from a pilot perspective,” said Chief Master Sgt. Michael Clutz, 26th COG superintendent. “If I had to press 40 different buttons to fire a missile, nobody would think that was OK. Our cyber Airmen currently have to carry that burden. We are trying to make life better for them through this initiative while taking it to the adversary. The number of applications a weapon system employs is the number of things the operators must be familiar with.”

The prospect of having to master fewer weapon systems tools is an encouraging future for Daher.

“Replacing our old tools with new ones would be amazing,” he said. “These tools have capabilities we don’t currently have. Many of them can automate a decent portion of what we do, allowing us to spend more time investigating more malicious activities.”

Within the cybersecurity arena, time is one factor that separates winners from losers.

“In 18 minutes, 49 seconds, a foreign nation-state actor can gain initial access into a victim’s computer before moving laterally throughout its network,” Kern said. “That is our operational urgency, and if we don’t get cybersecurity and defense right, we will lose.”

Some operators process upwards of eight million alerts per day using common computer programs when newer, automated applications are available.

“We look at an insane amount of data from across the Air Force to determine if something is malicious or not,” Daher said. “We have seen what cyber attacks can do, and the goal is to stop those types of things from happening. To do that, we have to monitor our entire network. These new tools could change everything. Being able to better see data enables other Air Force missions to do what they need to do without cyber interruption.”

To keep pace with the goal date, a project team meets weekly to share updates and discuss obstacles and how to mitigate them. Additionally, Air Combat Command has adopted a new approach to cyber weapon systems development.

“The status quo will not work,” Kern said. “(ACC’s) efforts to implement agile methods will be critical to achieving our desired July 1, 2020, end state. By next year, you can expect to see an Airman sitting at a single console, conducting cybersecurity and defense and not having to move from system to system to do their job.”


Facebook Twitter
RT @DeptofDefense: Flying side by side gets the mission done. @usairforce and @RoyalAirForce participated in exercise Point Blank with @NAT
RT @HQUSAFEPA: Getting to see a chaplain in a remote location is a #blessing. Archbishop of U.S. Military Services Timothy Broglio recently…
RT @AFWERX: Did you catch @EdwardsAFB’s first-ever @TEDx event? There’s no doubt their theme, “Laying the Foundation for Tomorrow’s Innovat…
RT @DeptofDefense: Press ▶️ to get motivated by watching this video of exercise #MobilityGuardian19, Air Mobility Command's largest full-sp…
.@SecAFOfficial Barbara Barrett recently testified to the #SenateArmedServicesCommittee on privatized #military hou… https://t.co/XktLL4cXBB
RT @US_Stratcom: Whether it’s a defender, missile alert facility manager or a missileer, everyone is vital to the intercontinental ballisti…
RT @AFResearchLab: The @AF_SBIR_STTR team alongside the Wright Brothers Institute hosted the first @usairforce Technology Executive Office…
RT @USAFHealth: There is still time to enroll or make changes to your TRICARE plan. Due to a technical issue, the TRICARE Beneficiary Web E…
RT @USAFCENT: GLOBAL REACH | USAF KC-135 refuels F-15Es and F-16s over Northern Iraq. By providing aerial refueling for the USAF, the KC-13…
RT @DeptofDefense: Working hand in hand with @NASA, the @179AW’s Super Guppy brings home the @NASA_Orion space capsule. Watch it here! #Kno
RT @DeptofDefense: We’ve got you! With the holidays right around the corner, we want to let you know we’re here 24/7. Child care options ☑️…
RT @HAFB: The addition of a new, high-tech pump operations simulator will serve to improve the training #HillAFB firefighters receive by ho…
RT @AirNatlGuard: More than 150 @142ndFW Airmen participated in Checkered Flag; a joint-force, air-to-air combat exercise involving more th…
RT @PACAF: The Pacific Air Chief Symposium is quickly approaching. Check out the link to find out more about what's bringing the top #airme
RT @cmsaf18: Capt. Cole, your resilience is inspiring! https://t.co/BgQVb5eIOf
RT @AETCommand: 🔥 🗣️ NEW 🎙️ ALERT: How nutrition is being used to optimize trainee performance at the @AFSWTW is the topic on our latest "D…
RT @AFWERX: TSgt. Daniel Caban designed and built these Portable Magnetic Aircraft Covers (PMAC) in partnership with a local business to be…
RT @HQ_AFMC: 🛩️ #DYK: A C-17 Globemaster III #aircraft can stop on a dime and actually back up? Now you're armed with that next round of…
RT @EsperDoD: One Team, One Fight! I honor our deployed service members who came together on Thanksgiving to enjoy a meal, give thanks, a…